jmcameron / attachments

Attachments Extension for Joomla 3, 4, and 5
GNU General Public License v3.0

SQL Injection? #19

Closed jcbravo closed 1 month ago

jcbravo commented 6 years ago

Where? How can we fix it?

https://vel.joomla.org/vel-blog/2127-attachments-3-2-5-sql-injection

jmcameron commented 6 years ago

Thank you. I heard about this but have not had a chance to fix it yet.

-Jonathan

On Wed, Mar 21, 2018 at 5:31 AM, jcbravo notifications@github.com wrote:

> Where? How can we fix it?
>
> https://vel.joomla.org/vel-blog/2127-attachments-3-2-5-sql-injection

Klipper commented 6 years ago

When do you expect to have this fixed? Because we use attachments very much on our site.

jmcameron commented 6 years ago

I hope to fix it this weekend.

-Jonathan

On Thu, Mar 22, 2018 at 2:38 PM, Klipper notifications@github.com wrote:

> When do you expect to have this fixed? Because we use attachments very much on our site.

jcbravo commented 6 years ago

Hello @jmcameron, is the SQL injection fixed in 3.2.6?

jmcameron commented 6 years ago

I have fixed this but it is going to take a day or two to release it. In the meantime, here is the link to a fixed version:

http://jmcameron.net/attachments/downloads/attachments-3.2.6-Beta5.zip

As usual, you should be able to install this over any existing version. Back up first!

Once Attachments version 3.2.6 is officially released, you will be able to update easily from the Joomla control panel.

This version has a couple of small issues that I will address in a follow-up release.

-Jonathan

jcbravo commented 6 years ago

Thank you @jmcameron