This is a very important security upgrade for the 4.0 branch. A vulnerability was discovered that could allow a non-logged user to access other files on the server file system. The « remember me » mechanism was also improved to lower the session hacking probability in case of « cookie stealing ».
If you are still running the 3.2.4 version, switching to the latest 4.0.4 version would be a good idea for both security and stability reasons. But if it’s not possible there is a patch available for upgrading to version 3.2.5 (see below). Please note however that this 3.2.5 is more or less considered « end-of-life » release for the 3.2.X branch.
Please refer to the AjaXplorer 4.0 release if you are installing for the first time or want to upgrade from 3.2.4.
- License : Affero GPL
- Copyright : Charles du Jeu 2011
- Download : ajaxplorer-core-4.0.4.zip
- Install instructions : see the 4-steps installation guide, or use automatic upgrade in the application.
- Demo : http://ajaxplorer.info/demo
- Full package : ajaxplorer-core-3.2.5.zip
- Upgrade 3.2.4 to 3.2.5 : ajaxplorer-upgrade-3.2.4-3.2.5.zip