Hello,
TLDR: Prior to a few days ago, AjaxFlexibleFileUpload (and
ERAttachmentFlexibleUpload which uses it) had a rather large security hole in
it. If you use this component, you should update to the recently released
Wonder 6.1.5 or to HEAD for Wonder 7, both of which contain the fix.
A few
Dear List
This is just documentation for a problem that we encountered after upgrading to
the latest Wonder.
We had an upload component inside of and AMD and AjaxUpdateContainer, like this
wo:AjaxUpdateContainer id = uploadContainer
wo:ERAttachmentFlexibleUpload injectDefaultCSS = $false