– Fix for SQLi vulnerability within admin area datatable scripts.
– Fix for XSS in admin ‘log file viewer’ and ‘get all file server paths’ script.
– Improved uniqueness of password reset hash.
Release notes: There are no database changes in this release. Changed files:
/admin/ajax/ – Entire folder
/admin/log_file_viewer.php
/core/includes/coreFunctions.class.php
/core/includes/uploader.class.php…
.