PKP announces the release of OJS 3.1.1-2.
These are bugfix releases, notably correcting a reflected XSS vulnerability:
- OJS 3.0.0 to 3.1.1-1: Issue #3785 (also Bootstrap and Health Sciences themes)
This type of vulnerability requires some social engineering to take advantage of, and runs client-side, so does not present a high risk. However, it is worth correcting if you’re running an affected release (and we always recommend staying up to date). If you are unable to upgrade to the latest release, there are patch instructions at the links above.
To download OJS 3.1.1-2, and for information on upgrading from previous releases, please see http://pkp.sfu.ca/ojs_download
See PKP Applications and Security for general information on security.
Thanks to Metamorfosec for discovery & reporting of the XSS issues.