关键漏洞信息 1. Changeset Number: 3423427 2. Timestamp: December 19, 2025 07:42:32 AM 3. Author: divisupreme 4. Version: 2.5.63 5. Key Changes: Updated JSON Handling: Changes in JSON processing logic, potentially to mitigate file upload bypass vulnerabilities. File Inclusion Fixes: Several statements updated, indicating possible security hardening. Conditional Checks: Enhanced conditional checks for JSON uploads, addressing potential bypass issues. 6. Files Modified: CalderaForms: Updates to form handling modules. BusinessHours: Modifications to business hours settings. IconList: Changes in icon list modules. ImageAccordion: Updates to file inclusion paths. 7. Security Notes: JSON Security Enhancement: Adjustments to JSON handling to prevent unauthorized file uploads or content injection. File Upload Bypass Fix: Strengthened file type checks and MIME type handling to block unauthorized file types. 8. Summary: The changeset appears to focus on enhancing JSON processing and file handling security, particularly addressing potential vulnerabilities related to file upload bypass and content injection attacks. These updates are critical for maintaining the integrity and security of the plugin.