sanitizeShellString() and other security improvements

docs/v4/security.html

@@ -44,8 +44,8 @@
             <div class="text">
               <h2>Command Injection Vulnerability</h2>
               <p><span class="bold">Affected versions:</span>
-                &lt; 4.34.13<br>
-                <span class="bold">Date:</span> 2021-03-14<br>
+                &lt; 4.34.17<br>
+                <span class="bold">Date:</span> 2021-03-15<br>
                 <span class="bold">CVE indentifier</span> -
               </p>
 
@@ -53,7 +53,7 @@
               <p>We had an issue that there was a possibility to perform a potential command injection possibility by passing a manipulated string prototype as a parameter to the following functions. Affected commands: <span class="code">inetLatency()</span>, <span class="code">inetChecksite()</span>, <span class="code">services()</span>, <span class="code">processLoad()</span>.</p>
 
               <h4>Patch</h4>
-              <p>Problem was fixed with additional parameter checking. Please upgrade to version >= 4.34.13 if you are using version 4.</p>
+              <p>Problem was fixed with additional parameter checking. Please upgrade to version >= 4.34.17 if you are using version 4.</p>
 
               <h4>Workarround</h4>
               <p>If you cannot upgrade, be sure to check or sanitize parameter strings that are passed to <span class="code">inetLatency()</span>, <span class="code">inetChecksite()</span>, <span class="code">services()</span>, <span class="code">processLoad()</span> (string only)</p>