playSMS 1.4.3 has been released

playSMS version 1.4.3 contains bugfixes and security fixes. Lucas Rosevear of NCC Group reported the security vulnerability and suggested a way to fix it.

I consider the vulnerability as severe and I recommend everyone to upgrade playSMS installation as soon as possible.

playSMS version 1.4.3 is available for download here: https://sourceforge.net/projects/playsms/files/playsms/Version%201.4.3/playsms-1.4.3.tar.gz/download

SECURITY FIXES

  • sanitize inputs from malicious string
  • sanitize last posts from unwanted chars
  • update playsms/tpl package
  • increase generated password length
  • increase generated password complexity

BUGFIXES

anton

Thank you so much for your product, thanks for developing it.

Regards,
Jamshid Tursunov

Hi,

Are there upgrade instructions somewhere?

Regards,
Walter

Hi,

You can upgrade from 1.4.2 by replacing all files with new one, and then insert upgrade from 1.4.2 to 1.4.3 db file.

Replace all php and html files, and also don’t forget to replace playsmsd.php. Do not insert wrong upgrade db file. Make backup when possible.

Pretty much like this article, only its from 1.4.2 to 1.4.3 (and of course use your actual path):
https://help.playsms.org/en/installation/upgrades/upgrade_from_version_14_to_142.html

I haven’t got time to update the help article.

anton