Smarty v3.1.39 Release Notes
Release Date: 2021-02-17 // over 3 years ago-
๐ Security
- Prevent access to
$smarty.template_object
in sandbox mode. This addresses CVE-2021-26119. - ๐ Fixed code injection vulnerability by using illegal function names in
{function name='blah'}{/function}
. This addresses CVE-2021-26120.
- Prevent access to
Previous changes from v3.1.38
-
๐ Fixed
- โก๏ธ Smarty::SMARTY_VERSION wasn't updated https://github.com/smarty-php/smarty/issues/628