I just released FireStats 1.6.2. The most significant change is the patching of two potential security vulnerabilities.
I strongly advise everyone to upgrade to the latest version.
There have been two exploits:
- Attempting to include remote files. In order for it to be effective, your server has to be improperly configured and allow URL file inclusion via include(). Most servers are not vulnerable, but regardless – I took it very seriously and implemented a whitelist to prevent any such attempts.
- Possible SQL injection.
Besides those important security updates, I fixed quite a few bugs in this release. Check the changelog for full details.
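
To illustrate the whitelist approach mentioned for the include() issue, here is an added example (not FireStats code). The page keys, file paths and the `resolve_page()` helper are hypothetical. It maps a request value to a fixed file and rejects everything else, so a URL never reaches include() even on a server where `allow_url_include` is enabled.

```php
<?php
// Added example, not FireStats code: page keys, paths and resolve_page() are hypothetical.

// Whitelist: request key => file on disk. No part of the request is ever
// concatenated into a path, so a remote URL cannot be passed to include().
const ALLOWED_PAGES = [
    'stats'    => 'pages/stats.php',
    'settings' => 'pages/settings.php',
];

/**
 * Map a user-supplied page name to an includable file.
 * Returns null when the value is not on the whitelist.
 */
function resolve_page($requested): ?string
{
    // Reject arrays (?page[]=x) and any other non-string input outright.
    if (!is_string($requested)) {
        return null;
    }
    // Exact key lookup only: no trimming, no suffix stripping, no partial match.
    if (!array_key_exists($requested, ALLOWED_PAGES)) {
        return null;
    }
    return __DIR__ . '/' . ALLOWED_PAGES[$requested];
}

// Constructed sample inputs, standing in for a request parameter.
$samples = [
    'stats',                         // on the whitelist
    'http://example.invalid/x.txt',  // remote URL: rejected
    'stats.php',                     // close to a valid key, still rejected
    ['stats'],                       // array input: rejected
];

foreach ($samples as $input) {
    $path = resolve_page($input);
    printf(
        "%-34s => %s\n",
        json_encode($input, JSON_UNESCAPED_SLASHES),
        $path === null ? 'rejected' : $path
    );
    // A real handler would call `include $path;` only when $path is not null,
    // and answer with an error page otherwise.
}
```

Keeping `allow_url_include` set to Off in php.ini remains a second layer of defence behind the whitelist.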