Dear foodsoft users,
A security vulnerability has been found in foodsoft 3.2.0. This has been fixed in foodsoft 3.2.1, which was released today. Everyone who is running a foodsoft installation is invited to update as soon as possible.
https://github.com/foodcoops/foodsoft/tree/v3.2.1
Scope: existing users could leverage admin privileges.
If your group only has accounts for a group of trusted members, this issue is not so serious. If you offer ‘guest’ or ‘demo’ accounts or allow public signup (using the signup plugin), you are advised to take action immediately.
Apologies for the inconvenience.
Kind regards,
- Willem