5.5.11

Security

  • Fixed command injection security vulnerability in Autodiscovery script (CVE-2019-9164) (thanks Paolo Giai of Shielder) -JO
  • Fixed issue with permissions on config.inc.php and import_xiconfig.php allowing users to write to files (CVE-2019-9166) (thanks Paolo Giai of Shielder) -JO
  • Fixed an XSS vulnerability in the handling of the xiwindow parameter (CVE-2019-9167) (thanks Paolo Giai of Shielder) -JO
  • Fixed SQL injection when using Fuse Key and certain parameters (CVE-2019-9165) (thanks Paolo Giai of Shielder) -JO