Smarty v3.1.39 Release Notes
Release Date: 2021-02-17 // 8 months ago-
๐ Security
- Prevent access to
$smarty.template_objectin sandbox mode. This addresses CVE-2021-26119. - ๐ Fixed code injection vulnerability by using illegal function names in
{function name='blah'}{/function}. This addresses CVE-2021-26120.
- Prevent access to
Previous changes from v3.1.38
-
๐ Fixed
- โก๏ธ Smarty::SMARTY_VERSION wasn't updated https://github.com/smarty-php/smarty/issues/628