This is a tiny albeit important update that fixes a security issue with timthumb.php which can be found inside the “lib” folder within DukaPress.
We use timthumb.php to resize images. It turns out that there is a grave security risk with using an unmodified timthumb.php. The vulnerability is described here.
Fortunately, fixing this is simple. You need to open up timthumb.php and change Line 27 to look like this:
$allowedSites = array ();
Please take note of the empty parentheses above.
Alternatively, you can download and install DukaPress version 2.3.2