We have been informed of a vulnerability in the 3rd-party JBImages tool that is included in some releases of PKP software.
This does not affect OJS, OMP, or OPS 3.2.0 and newer. If you are running those releases, no changes are necessary.
See https://github.com/pkp/pkp-lib/issues/5871 for complete details, including ways to resolve the problem. While we are not aware of active abuse of the vulnerability, resolving it should be considered a high priority.
Public Knowledge Project Team