More info on v230808 "Potential security issue"?

bill · 10 August 2023 16:25

Hi! In https://s2member.com/changelog/, the v230808 release includes:

(Framework) Fix : Potential security issue under rare circumstances. Fixed in this release.

Could you give more detail on this? I would like to be able to confirm that our site was not affected by this vulnerability before this release.

Is this the same vulnerability described in: V230808 error using s2if shortcode ?

If so, it might be good to explain on the Changelog that, before updating, users should first check whether they have used the s2If shortcode, because some uses of that shortcode need to be tweaked or else the update will break them.

Thanks!

clavaque · 10 August 2023 17:07

Hi Bill.

Yes, it’s that same thing. I didn’t include details or mention s2If in the changelog, to not describe the vulnerability and how it could be used, allowing more sites to get the fix before it got more known. It doesn’t affect most sites, but it potentially could be a problem for some sites, and I was being careful.

I’ll make a new release with a couple things I got from the other thread.

clavaque · 15 August 2023 11:19

https://s2member.com/s2member-v230815-now-available/