The main reason why we released 4.0.16 so soon after 4.0.15 is two minor security issues described in the CHANGELOG:
Quote:
Thu Sep 15 14:30:58 MSD 2005[*] - mclap - Security of the payment/smartpag_return.php script is improved.
Tue Sep 13 10:44:00 MSD 2005 [!] - svowl - Bug: Administrator with 'Fulfillment staff' membership was able to access the scripts hidden from him by entering the script URLs directly into the browser address line. Fixed.
|
Detailed information on these issues will be provided today via newsletter; patches are available for downloading from the File area of Help Desk (Updates/security-patch-2005-09-22.tgz).