During the recent holidays, a medium-level vulnerability was discovered in DOCman. We found a query that wasn’t being properly escaped and could lead to an SQL injection. There is no known exploit for this vulnerability, and it would be very difficult to create one because there are other security measures in place.
At Joomlatools we are fanatical about security, and even though DOCman 1.5.9 was released only recently, we recommend upgrading to 1.5.10 just to be on the safe side.
This vulnerability affects all versions of DOCman prior to 1.5.10. So if you’re using 1.5.9 or older, please upgrade to 1.5.10. If you’re using 1.4.1 or older, please upgrade to 1.4.2.
How to upgrade if you’re using 1.5.9 or older
If you have purchased DOCman 1.5.x in our Joomlatools Store, you are automatically entitled to all 1.5.x updates. These are sent to you by email.
If you haven’t received your copy yet:
- Check your spam filter
- Allow our email queue a few more hours to send out all emails
- Contact our support at firstname.lastname@example.org
We recently had an issue with our email notifications, which are run through Fetchapp. Some of our customers have received numerous emails notifying them about the 1.5.10 upgrade. We sincerely apologize for that!
The process that sends out our 1.5.10 release notification emails was timing out and being restarted automatically, resulting in recurring emails being sent to our customers. Thanks to the help of the Fetchapp support staff, the issue has been identified and is being fixed.
How to upgrade if you’re using 1.4.1 or older
DOCman 1.4.x will always be free of charge, and is still receiving security updates. However, it is no longer officially supported, and will not receive bug fix updates. There are two options:
- Update to DOCman 1.4.2 for free
- Upgrade to DOCman 1.5.10 for the price of lunch and a coffee. Upgrading is painless and preserves your data. You will get updates to all 1.5.x releases, including technical support by our professional support engineers. And of course you are supporting a quality GPL-licensed Joomla extension!
Please see the README for upgrade instructions to DOCman 1.5.10.