I got a report from an independent security researcher today, who unfortunately found two vulnerabilities in Kirby 2.1.0. I instantly fixed both issues and released a new version just a couple minutes ago. You can read more about it here: http://getkirby.com/changelog/kirby-2-1-1
I take security very serious and even though it hurts to admit that there are those vulnerabilities, I’m very glad that they have been reported and I was able to fix them quickly.
I can only encourage you to update your sites immediately!
Please let me know if you got any questions or concerns!
Perhaps this post should be pinned on top. Maybe it would be a good idea to have some sort of specific post for critical updates, and to act as a more “live” changelog.
On re-reading the bulletin, both seem to concern pretty specific panel settings with either panel or FTP access. I suspect the panel module wasn’t as widely used in Kirby 1 than Kirby 2.
FYI: Kirby 2.1.1 seems to be incompatible with the kirbycms-extension-image plugin. I get this error:
Parse error: syntax error, unexpected '[' in /Users/xxx/Sites/xxx/site/plugins/kirbycms-extension-image/kirbycms-extension-image-lib-block-object.php on line 88
I filed an issue on github. Hope this can be fixed soon…
Update: The problem does occur only on PHP 5.3. On PHP 5.6 it works fine.
Edit: ok, I realized you were referring to the plugin by @fanningert. Could you pls.post a link to the extensions you are referring to next time? Thanks.