pinEdit Security Update
The operating system is the base layer of security.
Therefore it is recommended to be very careful with the rights of the web user.
Do not grant read/write/execute rights on the file system except for the locations
where you want to upload files and read files/images.
We have added a second security level around the pinEdit web versions to allow
better control over the uploading and reading of files and images.
If the rights of the web user or web application are not set properly, it
might be possible to upload unwanted files to unwanted folders, read the directory
structure, or read files.
To avoid security vulnerabilities we provide the security update for pinEdit 6
and 7, which can be found here.
For pinEdit 5 we can only offer a partial fix, which can be found
here.
For all versions older than 6 it is recommended to update to version 7.1.
Just copy the files over the existing ones and edit editor/config/security.xml to set the allowed
file path and extensions.
If you do not use the style editor or pinUpload, remove the folders
editor/css and editor/upload.
There are also updates for stand-alone versions of
pinStyle and pinUpload.
We recommend that all users install the security update to benefit from the
additional security level.