Smarty v3.1.39 Release Notes

Release Date: 2021-02-17 // almost 2 years ago
  • 🔒 Security

    • Prevent access to $smarty.template_object in sandbox mode. This addresses CVE-2021-26119.
    • 🛠 Fixed code injection vulnerability by using illegal function names in {function name='blah'}{/function}. This addresses CVE-2021-26120.

Previous changes from v3.1.38