Dear foodsoft users,
A security vulnerability has been found in foodsoft 3.2.0. This has
been fixed in foodsoft 3.2.1, which was released today. Everyone who
is running a foodsoft installation is invited to update as soon as
possible.
https://github.com/foodcoops/foodsoft/tree/v3.2.1
Scope: existing users could leverage admin privileges.
If your group only has accounts for a group of trusted members, this
issue is not so serious. If you offer 'guest' or 'demo' accounts or
allow public signup (using the
signup
plugin), you are advised to take action immediately.
Apologies for the inconvenience.
Kind regards,
- Willem
Locked
