0a669704ea
- Smarty 4.1.1 → 4.5.6 (behebt dynamic property deprecations) - Core-Klassen: #[\AllowDynamicProperties] für Admin_role, base, Config, Customer, Customer_group, CustomerGroups, Item, Structure, website - website.class.php: counts[parent_id] initialisieren vor ++ (PHP 8.1) - layout.class.php: HTTP_ACCEPT_LANGUAGE mit isset-Guard - website_init.php: session_status()-Check vor session_start - .htaccess: HTTPS-Redirect via X-Forwarded-Proto (statt SERVER_PORT) - themes/easyshop_advanced/media/: Parent-Theme-Assets nachgezogen - .gitignore: smarty.4.1.1.bak ausschließen
21 lines
736 B
Markdown
21 lines
736 B
Markdown
# Security Policy
|
|
|
|
## Supported Versions
|
|
|
|
Smarty currently supports the latest minor version of Smarty 3 and Smarty 4.
|
|
|
|
| Version | Supported |
|
|
|---------|--------------------|
|
|
| 4.3.x | :white_check_mark: |
|
|
| 3.1.x | :white_check_mark: |
|
|
| < 3.1 | :x: |
|
|
|
|
## Reporting a Vulnerability
|
|
|
|
If you have discovered a security issue with Smarty, please contact us at mail [at] simonwisselink.nl. Do not
|
|
disclose your findings publicly and **PLEASE** do not file an Issue (because that would disclose your findings
|
|
publicly.)
|
|
|
|
We will try to confirm the vulnerability and develop a fix if appropriate. When we release the fix, we will publish
|
|
a security release. Please let us know if you want to be credited.
|