[Vtigercrm-developers] IMP: kcfinder library security fix - to overcome LFD.

Uma S uma.s at vtiger.com
Fri Feb 28 12:21:18 GMT 2014


Thanks to Portcullis security advisories, who were kind enough to provide
the details and assistance to get the security hole fixed that existed in the
kcfinder library packaged in an earlier version of Vtiger CRM.

*Summary*:
kcfinder was letting the authenticated (logged in) CRM user gain access to
readable files outside the web-directory on the server.

*Update*:
The fix devised for kcfinder (at changeset
<http://trac.vtiger.com/cgi-bin/trac.cgi/changeset/14021>) will now restrict
access to files outside the web-directory on the server.

*Download:*
vtigercrm-600-security-patch1.zip
<https://sourceforge.net/projects/vtigercrm/files/vtiger%20CRM%206.0.0/Add-ons/vtigercrm-600-security-patch1.zip/download>
(unzip into your existing vtiger 6 source directory).


-- 
With
Best Regards
Vtiger Team
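
One way to enforce the restriction described in the announcement, confining a requested file to the web directory, shown as an added PHP example; it is not taken from changeset 14021, kcfinder or Vtiger. The function name `resolve_inside` and the directory layout are hypothetical, and the sample files are constructed in a temporary directory.

```php
<?php
// Added illustration; not kcfinder or Vtiger code. All names are hypothetical.

/**
 * Resolve $requested under $baseDir and return the canonical path,
 * or null when it resolves outside $baseDir or is not a regular file.
 */
function resolve_inside(string $baseDir, string $requested): ?string
{
    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }
    // realpath() collapses "..", "." and symlinks; it returns false if the target is missing.
    $real = realpath($base . DIRECTORY_SEPARATOR . $requested);
    if ($real === false || !is_file($real)) {
        return null;
    }
    // Compare against the base plus a trailing separator, so a sibling such as
    // ".../webroot-old" does not pass a plain prefix test for ".../webroot".
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    return strncmp($real, $prefix, strlen($prefix)) === 0 ? $real : null;
}

// Constructed sample layout in a temporary directory.
$tmp = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'lfd_demo_' . uniqid();
mkdir("$tmp/webroot/upload", 0700, true);
mkdir("$tmp/webroot-old", 0700, true);
file_put_contents("$tmp/webroot/upload/logo.png", 'image');
file_put_contents("$tmp/webroot-old/config.inc.php", 'secret');
file_put_contents("$tmp/outside.txt", 'secret');

// Requested path => whether the check should allow it.
$cases = [
    'upload/logo.png'               => true,   // inside the web directory
    '../outside.txt'                => false,  // parent directory
    'upload/../../outside.txt'      => false,  // leaves the base after a valid prefix
    '../webroot-old/config.inc.php' => false,  // sibling sharing the name prefix
    'upload/missing.png'            => false,  // target does not exist
];
foreach ($cases as $path => $expected) {
    $ok = resolve_inside("$tmp/webroot", $path) !== null;
    printf("%-32s %s\n", $path, $ok ? 'allowed' : 'denied');
    if ($ok !== $expected) {
        throw new RuntimeException("unexpected result for $path");
    }
}
```

The check is made on the canonical path after resolution, not on the raw request string, so symlinks under the web directory that point elsewhere are rejected as well.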