Vulnerability on minify

  • Resolved Horizont

    (@horizont)


    11 years, 6 months ago

    I know that this problem is not directly caused by BWPM but it could be very useful to know that all the 2.1.x versions (except the latest one) of Minify have a serious vulnerability regarding the acceptance of parameters containing null bytes on PHP file system functions as specified here:
    Issue as reported on Minify google group

    I can’t tell if this is actually going to involve wordpress BWPM users but it’s probably good to know.

    I saw that the current version of BWPM uses Minify 2.1.4 and from what i’ve learned from the Minify forum a urgent upgrade is required in order to keep your system safe.

    That being said i already did update the Minify library to 2.1.7 without spotting any issues with the plugin but I believe that if this issue is actually recognized as so, it will definitely be useful to have an update directly from the BWPM dev team.

    Happy wordpressing ??

Viewing 1 replies (of 1 total)
Viewing 1 replies (of 1 total)
  • The topic ‘Vulnerability on minify’ is closed to new replies.