Important Security Upgrade: AjaXplorer 4.0.4 & 3.2.5

Summary

This is a very important security upgrade for the 4.0 branch. A vulnerability was discovered that could allow a user who is not logged in to access other files on the server file system. The “remember me” mechanism was also improved to reduce the likelihood of session hijacking in case of “cookie stealing”.

If you are still running version 3.2.4, switching to the latest 4.0.4 version is a good idea for both security and stability reasons. If that is not possible, a patch is available for upgrading to version 3.2.5 (see below). Please note, however, that 3.2.5 is more or less considered the “end-of-life” release for the 3.2.X branch.

Please refer to the AjaXplorer 4.0 release if you are installing for the first time or want to upgrade from 3.2.4.

v4.0.4

 

v3.2.5