exponentcms / exponent-cms

Content Management, Simple.
exponentcms.org
GNU General Public License v2.0

Security: security vulnerabilities #1422

Closed exponentcms closed 4 years ago

exponentcms commented 4 years ago

There have been a large number of security vulnerabilities reported in all past versions (v2.3.9 patch #1 and earlier). These include SQL injections, XSS, RCE, remote file execution, standard security permission compromise, etc. Due to the large number of reports, the fixes will likely require an early release of the next version (2.4.0) instead of a patch to v2.3.9. It will also make the previously supported v2.1.4 and v2.2.3 packages completely obsolete and not recommended for use.

exponentcms commented 4 years ago

Lighthouse URL: https://exponentcms.lighthouseapp.com/projects/61783/tickets/1378