ArcticDesk v1.2.6 addresses some important security issues, outlined below, so we urge you to update as soon as possible. In this release we have also addressed an issue with the operator edit message functionality in certain environments. The full changelog can be found at the end of this announcement.
Security Fixes
Case: AD-760, AD-774, AD-775
Type: Local file inclusion
Severity: High
Credit: Patrick at Rack911.net
Description: By following a carefully crafted URL, it is possible to access local files on the server and view sensitive information.

Case: AD-777
Type: Local file inclusion
Severity: High
Credit: Internal ArcticDesk Team
Description: By following a carefully crafted URL, it is possible to access local files on the server and view sensitive information.
Changelog
Bug Fixes
(AD-760, AD-774, AD-775, AD-777) - Fixed local file inclusion on certain actions
(AD-768) - Fixed issue where operator was unable to edit ticket messages