Dear Discuz! X users,
Recently, the Discuz! Security Center discovered a high-risk security issue; **this issue exposes some sites to security risk**. Specially configured or crafted requests can be used, in specific ways, to take illegal control of accounts.
**We hope that more security personnel will join the work of maintaining the security of Discuz! X.**
Vulnerability Details
For technical details, see: https://paper.seebug.org/1144/
For the security patch, see: https://gitee.com/Discuz/DiscuzX/pulls/1315
Risk level
High
Affected versions
Discuz! X3.1 to Discuz! X3.4 Release 20211022
Safe version
Discuz! X3.4 Release 20211124
Remediation advice
1. The vulnerability has been officially fixed, and affected users are advised to upgrade to the latest version as soon as possible: https://gitee.com/Discuz/DiscuzX/attach_files
2. Users who cannot upgrade to the latest version can refer to https://gitee.com/Discuz/DiscuzX/pulls/1315 to modify the site files.
[Note]: It is recommended that you back up your data before upgrading, and test and evaluate how your services run, to avoid unexpected problems.
For more details, please read the Discuz! X Security Bulletin below.