Latest release notes: This release introduces significant security improvements, so that the plugin prevents the upload of potentially dangerous files that may compromize and take control of the system and also protect against upload overflow attacks.

There has been a change of policy regarding the allowed file extentions. A comprehensive list of extensions is now forbidden that mostly relate to code / script / executable files. Furthermore, administrators are strongly recommended to define white lists of allowed extensions using uploadpatterns attribute if they haven't already done so. This will prevent unnecessary or irrelevant files to be uploaded. If they do not specify allowed extensions, then the plugin will allow only specific ones, based on the plugin's default white list.

Another new security feature is protection against Denial-Of-Service (DOS) attacks, in order to prevent crashing of the website due to overflow of files. To do this the plugin continuously monitors the number of files uploaded within a specific time period. If too many files are uploaded then the plugin stops the uploads and automatically notifies the administrator with an email message.


For more details about this version's changes please visit the Release Notes of the plugin's support page.