Securimage 3.6.4 Released

Written on March 3rd, 2016

Securimage 3.6.4 has been released to address an XSS vulnerability in example_form.ajax.php (an example included with Securimage) which could allow an attacker to inject arbitrary JavaScript code via a crafted URL. Users directed to the malicious URL could have cookies or other sensitive information exposed, or have more dangerous JavaScript code executed. Thanks to RedTeam for discovering the flaw.

It is recommended to update to 3.6.4 as soon as possible, or delete example_form.ajax.php from your Securimage directory.

Additionally, version 3.6.3 adds support for the following:

  • Add support for multibyte wordlist files
  • Fix code generation issues with UTF-8 charsets
  • Add parameter to getCaptchaHtml() to render components of captcha HTML individually for easier customization
  • Fix database audio storage issue with multiple namespaces

Version 3.5.2 Released

Written on February 15th, 2014

Securimage 3.5.2 has been released. It includes new features along with some improvements and fixes.

New Features:

  • Add getCaptchaHtml() method for automatically generating HTML code for forms.
  • Add getTimeToSolve() method for telling how long it took for the captcha to be solved (correctly or incorrectly).
  • Font ratio can be adjusted manually to fit the text into the image better for smaller images
  • Securimage was added to packagist.org.
  • The SoX (Swiss Army knife of audio manipulation) binary can be used to alter the audio files dynamically to make them more difficult for bots to solve.

If you use an older version, consider upgrading to 3.5.2. New users should download 3.5.2.