[Vtigercrm-developers] vtiger CRM 5.0.4 Security Patch Release

Prasad prasad at vtiger.com
Thu Nov 13 07:38:45 PST 2008


Dear vtigers,

We have released a security patch for 5.0.4 that fixes the following
security issues along with some critical bugs reported by the community.

More details can be found in the release notes [VtigerCRM 5.0.4
SecurityPatch_ReleaseNotes
<http://www.vtiger.com/products/crm/vtigercrm-504-Security-Patch-Release-Notes.pdf>].

Security Issues:-
1. Local File Disclosure
2. Cross-Site Scripting
3. SQL injection Vulnerability
4. Arbitrary File Upload

Trac Tickets:-
#5235 <http://trac.vtiger.com/cgi-bin/trac.cgi/ticket/5235>: Patch Apply:
Timeout settings need change
#5255 <http://trac.vtiger.com/cgi-bin/trac.cgi/ticket/5255>: Cannot import
more than 500 records
#5307 <http://trac.vtiger.com/cgi-bin/trac.cgi/ticket/5307>: Campaign
Related info getting lost
#5298 <http://trac.vtiger.com/cgi-bin/trac.cgi/ticket/5298>: File attachment
download gets corrupted
#5294 <http://trac.vtiger.com/cgi-bin/trac.cgi/ticket/5294>: Organization
image upload issue
#5231 <http://trac.vtiger.com/cgi-bin/trac.cgi/ticket/5231>: Webmail
qualify issue
#5268 <http://trac.vtiger.com/cgi-bin/trac.cgi/ticket/5268>: Homepage
dashboard link showing incorrect data in list view
#4847 <http://trac.vtiger.com/cgi-bin/trac.cgi/ticket/4847>: Problem in
selecting users/groups/profiles from the roles and groups edit view
#5393 <http://trac.vtiger.com/cgi-bin/trac.cgi/ticket/5393>: Not able to
delete default profiles/roles/users

We thank the vtiger community for their support in detecting the issues and
helping us resolve them. Special thanks to Mark Piper, Fabian Fingerele, and
Different Solutions.

*Patch Download:*
The 5.0.4 Security patch download is available here:
[VtigerCRM5.0.4_SecurityPatch
<http://downloads.sourceforge.net/vtigercrm/VtigerCRM504_Security_Patch.zip>]

*NOTE:* You will need to unpack the zip into your vtiger CRM folder. We
recommend that you take a backup of your directory first before you unpack
the patch.

Regards,
Prasad
vtiger Team