Skip to content
This repository has been archived by the owner on Jan 6, 2023. It is now read-only.

Commit

Permalink
add apache common-fileupload jar pacakge security alarm
Browse files Browse the repository at this point in the history
  • Loading branch information
@Phinome
Phinome committed Apr 9, 2018
1 parent 217733b commit 089c7de
Showing 1 changed file with 2 additions and 1 deletion.
3 changes: 2 additions & 1 deletion README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,8 @@ Get Started
## 重要安全通告:

UEditor 所提供的所有后端代码都仅为 DEMO 作用,切不可直接使用到生产环境中,目前已知 php 的代码会存在 ssrf 的安全漏洞。修复方式:使用最新的 Uploader.class [code](https://github.com/fex-team/ueditor/blob/dev-1.5.0/php/Uploader.class.php) .
1. commons-fileupload-1.3.1.jar 存在漏洞可能会导致 ddos,源代码中已经修改,使用老版本的用户,强烈推荐升级 commons-fileupload.jar 至最新版本。(2018-04-09).
2. UEditor 所提供的所有后端代码都仅为 DEMO 作用,切不可直接使用到生产环境中,目前已知 php 的代码会存在 ssrf 的安全漏洞。修复方式:使用最新的 Uploader.class [code](https://github.com/fex-team/ueditor/blob/dev-1.5.0/php/Uploader.class.php) .

## ueditor富文本编辑器介绍

Expand Down

0 comments on commit 089c7de

Please sign in to comment.