We’ve released version 1.8.2 of FixMyStreet, along with versions 1.7.1 and 1.6.2.
These releases include an important security fix, whereby a malicious user could craft an image upload to the server that allowed them to run external commands as the user running the site. Please update your installation as soon as possible.
Version 1.8.2 also contains other improvements and additions to existing features:
- Twitter social login, alongside the existing Facebook login;
- PNG and GIF image upload support;
- Some development improvements, including the final merging of
fixmystreettemplates, storing any Open311 error in the database, and tidying up some unused cobrands;
- A few bug fixes, such as showing the right body user form value for fixed reports (thanks Jon Kristensen).
See the full list of changes over on GitHub.