Dear customers and PHP Melody users.
We’ve recently received reports of code vulnerabilities in the latest PHP Melody release. As a result a patch was made available today.
The vulnerabilities are of medium to low severity and would require enhanced user permissions (e.g. admin or editor) to be exploited.
In short, your PHP Melody website is still “safe”! Nevertheless, we recommend patching it ASAP.
The patch is now available in your customer account under the Download Updates page.
All our codebase was updated today so, if you are updating from v2.x to v3.x you do not need to apply this patch. The same is true for new installations. All these packages are, of course, patched.
For any inquiries please don’t hesitate to contact our support. Thank you very much!
P.S. A sincere thank you goes to the Vulnerability-lab.com for sending in their findings and detailed report.