Smarty v3.1.39 Release Notes
Release Date: 2021-02-17 // almost 2 years ago-
🔒 Security
- Prevent access to
$smarty.template_object
in sandbox mode. This addresses CVE-2021-26119. - 🛠 Fixed code injection vulnerability by using illegal function names in
{function name='blah'}{/function}
. This addresses CVE-2021-26120.
- Prevent access to
Previous changes from v3.1.38
-
🛠 Fixed
- ⚡️ Smarty::SMARTY_VERSION wasn't updated https://github.com/smarty-php/smarty/issues/628