Important Security Upgrade: AjaXplorer 4.0.4 & 3.2.5

Summary

This is a very important security upgrade for the 4.0 branch. A vulnerability was discovered that could allow a user who is not logged in to access other files on the server file system. The "remember me" mechanism was also improved to reduce the likelihood of session hijacking if a cookie is stolen.

If you are still running version 3.2.4, switching to the latest 4.0.4 version would be a good idea for both security and stability reasons. If that is not possible, a patch is available for upgrading to version 3.2.5 (see below). Please note, however, that 3.2.5 is more or less considered an "end-of-life" release for the 3.2.X branch.

Please refer to the AjaXplorer 4.0 release if you are installing for the first time or want to upgrade from 3.2.4.

v4.0.4

 

v3.2.5