2016 Nov 1
A tiny update to fix two minor security vulnerabilities and to allow some specific proxy/ssl server configuration.
Your dashboard should also offer you to upgrade your installation today or tomorrow (depending on your settings). There's also a patch for the developers who prefer this method.
CHANGELOG of this release :
Dotclear 2.10.3 - 2016-11-01 =========================================================== * Security: Fix CVE-2016-7903: Password Reset Address Spoof — Thank's Hongkun Zeng for report * Security: Fix CVE-2016-7902: Media Manager, unrestricted File Upload — Thank's Hongkun Zeng for report * CSP: Cope with external sources used in editor's iframe to preview public external content * Fix: Cope with post.post_position field during flat import * Fix: Prevents precondition failed during currently activated theme update * Fix: Remove unecessary header (cope by dotclear) in page plugin * Fix: Let some proxies playing with standard http and https ports * Fix: Let SSL runs through a proxy, it may be ok, sometimes * 🐛 → Various bugs and typos fixed