DOCman Security Announcement

Joomlatools would like to announce the immediate availability of DOCman v1.4.0RC2.

Recently, a CSRF vulnerability was discovered in DOCman. An attacker can have the same access permissions as the administrator. In the right circumstances, this can be exploited to change data or obtain shell access. All 1.3.x versions, as well as 1.4.0BETA2 and 1.4.0RC1 are vulnerable. Therefore it is recommended to all users to upgrade to the new v1.4.0RC2.

Please visit http://blog.joomlatools.org/2008/02/docman-security-announcement.html to read the full announcement, as well as upgrade instructions.