Last night a crucial security flaw was discovered in the checkout process of Easy Digital Downloads and fixed immediately. Version 1.4.4.2 was pushed out and takes care of the issue. Please update immediately if you are on less than 1.4.4.2.
Due to the nature of the flaw, we cannot go into detail about exactly what the flaw was or how it could be exploited, but it had to do with user accounts and it was severe. The flaw permitted an experienced user who knew exactly what they were doing (and knew how to exploit the issue) to potentially gain admin access to sites running specific versions of EDD with specific configurations.
EDD versions affected: 1.4.2 – 1.4.4.1.
Version 1.4.4.2 fixes the problem
The flaw was discovered by Adam of Mint Themes, who, thankfully, reported it immediately, allowing us to send out a patch within 30 minutes of the discovery.
Thanks for the recent updates Pippin.
I have discovered a couple of bugs that have been getting me very frustrated. Where is the best place to report them?
If they are believed to be actual bugs then submit them to github. If they are tech support issues, then post on the support forums.