Today we propose the following patch to fix a number of vulnerabilities in core functionalities, in anticipation of the 1.3.10 release that will include them as well. Apply this patch on top of an existing 1.3.9 setup to get the latest security update.
This patch file replaces existing files in your ImpressCMS 1.3.9 installation in order to fix the reported vulnerabilities. Simply unzip the file in the root of your site (where mainfile.php resides). If you are not yet using ImpressCMS 1.3.9, but an older version, we recommend you upgrade your site to that latest version - ImpressCMS 1.3.9 (and apply the patch after that). Newer versions include code fixes for bugs and vulnerabilities of the previous versions.
This patch fixes the following vulnerabilities: