phpIPAM - v1.6.0
Security
Enhancements, changes:
----------------------------
+ php8.3 compatibility;
+ MySQL 5.5.3+ is now required (support for utf8mb4);
+ Reverse-proxy users should review the new config.php $trust_x_forwarded_headers setting;
Security Fixes:
----------------------------
+ SQL injection in custom field enum/set types;
+ Directory traversal possible in RIPE query;
+ XSS (reflected) in 'bw-calulator-result.php';
+ XSS (reflected) by invalid email address response;
+ XSS (reflected) by /app/tools/subnet-masks/popup.php (#3738);
+ XSS (stored) in user widget settings;
+ XSS and LDAP injection in ad-search-result.php;
+ XSS and LDAP injection in ad-search-group-result.php;
+ Restrict find_full_subnets.php to CLI;
+ Ensure confidentiality of database password;
Security
Security wording was detected, but no CVEs were found.
Details
date
Dec. 13, 2023, 11:57 a.m.
name
1.6.0
type
Minor
official page
👇
Register or login to:
- 🔍View and search all phpIPAM releases.
- 🛠️Create and share lists to track your tools.
- 🚨Setup notifications for major, security, feature or patch updates.
- 🚀Much more coming soon!