We plan to release a 4.2.0 patch this weekend to fix a critical security vulnerability, which also exists in prior versions.
We have committed the fix in the following two commits in the development codebase:
The fix does have the potential to unmask bugs in the code (albeit unlikely), so we are asking the community to test out the development codebase as much as possible over the next two days and report any new bugs you note. The fix affects the entire codebase, so testing everything you can is recommended. I have reset both of the development demos here to use this new code: http://www.open-emr.org/wiki/index.php/Development_Demo#Daily_Build_Development_Demo
To secure your system in the meantime before the official patch comes out, download the updated version of this file (interface/globals.php) and replace the copy on your system.
If you are using a version prior to 4.2.0, then here are the changes that you need to make to interface/globals.php (note that the specifics of the security vulnerability will be publicly disclosed in the near future, so we recommend fixing this ASAP):
Another 4.2.0 critical patch is in the works, which will also require release of new installation packages (since it affects the install process).
Here is the related commit just committed to SourceForge:
If you can, please test it out and let us know if there are any issues. This is a critical security fix, so the goal is to get the patch and packages released by the end of this week.
If you see the following error:
FATAL ERROR: crypt() function is not working correctly in OpenEMR