Kirby 2.0.2

After the release of 2.0.1 yesterday we didn't expect to be coming up with a new release within the next two weeks. Unfortunately we just got a report of a serious security issue, so we wanted to get a fix for this out to you as soon as possible.

With Kirby 2's new user roles it is possible to create frontend users, who have access to certain locked parts of your website (such as a client download area) but are not allowed to login to the panel to make changes to the website. You can find more in the docs about it here: http://getkirby.com/docs/panel/roles

Unfortuntaley there was a security hole in the panel which allowed logged in frontend users to manually modify the URL to get access to the panel. As this feature is brand new and your frontend users have to be logged in and know how to modify the URLs to get access, the chances are very low that this might affect your site.

It is still a serious issue and we recommend that you update your installation immediately — especially if you are working with frontend authentication.

The security update is now available on http://download.getkirby.com and on Github.

Please read the update instructions for further help with this release.

We are very sorry for not finding this hole earlier! Please get in contact if you've got questions about this release: support@getkirby.com

Our partners

CDN by KeyCDN Search by Algolia

Top