Log Message:
Update to 1.3.7

Changelog:
* [Security fix] Access restriction bypass for admin account
* [Security fix] Code injection to execute arbitrary PHP code