[Vtigercrm-developers] Vtiger CRM Open Source – Security Patch for 5.4.0 and 6.0.0

Prasad prasad at vtiger.com
Tue Sep 16 04:01:45 GMT 2014


Ian,

The patch enforces a strict check on accessing resources of the CRM.
Before reaching conclusions, let us review the setup and access
details.

Make sure your site_URL matches the way you access the CRM from the browser. A mismatch
leads to an "Illegal request" error.

Regards,
Prasad

*Connect with us on: *Twitter <http://twitter.com/vtigercrm> *I* Facebook
<http://www.facebook.com/pages/vtiger/226866697333578?sk=wall> *I* Blog
<https://blogs.vtiger.com/>* I* Wiki
<http://wiki.vtiger.com/index.php/Main_Page> *I *Forums
<https://discussions.vtiger.com>*I* Website <https://www.vtiger.com/>

On Tue, Sep 16, 2014 at 8:48 AM, Ian Stern <i4629193 at gmail.com> wrote:

> Andrew, thanks for the advice. Clearing the cache helped on my workstation, but all
> iPads and Androids still have no access to the CRM. Vtiger issued a bug, not a patch!
>
> ian
>
> On Tue, Sep 16, 2014 at 7:30 AM, SIAM Translations <
> info at siam-translations.com> wrote:
>
>> As additional help on this issue, I report as follows:
>>
>> I installed a new copy of 6.0 on the same server. I changed the database in
>> config.inc.php to the one where the patch was installed. This version works on the
>> other machine within my office but not on the machine where I experienced the problem
>> the first time. The shared element is that I applied the same admin credentials in the new
>> installation as in the patched one. Confused a lot ...
>>
>> As
>>
>>
>>
>>
>> On Tue, Sep 16, 2014 at 6:51 AM, SIAM Translations <
>> info at siam-translations.com> wrote:
>>
>>> Morning, I overwrote the patched files with the original ones and the error
>>> is still here. It means that the previously uploaded patch changed something outside
>>> of the bunch of patched files. Waiting for your solution, guys.
>>>
>>> Andrew Smith
>>>
>>>
>>>
>>>
>>> On Mon, Sep 15, 2014 at 10:12 PM, Ian Stern <i4629193 at gmail.com> wrote:
>>>
>>>> I have the same error. Could you share the solution if found?
>>>>
>>>> Ian
>>>>
>>>> On Mon, Sep 15, 2014 at 7:50 PM, SIAM Translations <
>>>> info at siam-translations.com> wrote:
>>>>
>>>>> Applied the patch to 6.0 and got:
>>>>> {"success":false,"error":{"code":"Illegal request","message":"Illegal request"}}
>>>>> Can do nothing right now. Any clue?
>>>>>
>>>>> Andrew Smith
>>>>>
>>>>>
>>>>> On Mon, Sep 15, 2014 at 6:12 PM, Prasad <prasad at vtiger.com> wrote:
>>>>>
>>>>>> Dear members,
>>>>>>
>>>>>> If you’re using Vtiger CRM Open Source versions 5.4.0 or 6.0.0, we
>>>>>> recommend that you apply the below listed security patch to plug up a CSRF
>>>>>> vulnerability that was recently discovered.
>>>>>>
>>>>>> We would like to thank the numerous security organizations that
>>>>>> identified and reported the issue to us. We would also like to extend our
>>>>>> thanks to Sanehdeep Singh at ControlCase International Pvt. Ltd for direct
>>>>>> assistance with isolating and fixing the issue.
>>>>>>
>>>>>> You can download the security patch here:
>>>>>>
>>>>>>    - vtigercrm-600-security-patch3.zip
>>>>>>    <http://sourceforge.net/projects/vtigercrm/files/vtiger%20CRM%206.0.0/Core%20Product/vtigercrm-600-security-patch3.zip/download>
>>>>>>    - VtigerCRM540_Security_Patch4.zip
>>>>>>    <http://sourceforge.net/projects/vtigercrm/files/vtiger%20CRM%205.4.0/Core%20Product/VtigerCRM540_Security_Patch4.zip/download>
>>>>>>
>>>>>> Regards,
>>>>>> Vtiger Team
>>>>>>
>>>>>> _______________________________________________
>>>>>> http://www.vtiger.com/
>>>>>>
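
An added example, not part of the original thread and not Vtiger's code: a small checker an administrator can run to compare the configured site_URL with the URLs that workstations and tablets actually open, which is the mismatch the first message in this thread points to. It assumes the patched CRM rejects requests that come from pages outside site_URL; the function names, hostnames and addresses are constructed for illustration.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}


def _parts(url):
    """Split a URL into (scheme, host, port, path) with defaults made explicit."""
    u = urlsplit(url.strip())
    scheme = u.scheme.lower()
    host = (u.hostname or "").lower()
    port = u.port or DEFAULT_PORTS.get(scheme)
    path = u.path if u.path.endswith("/") else u.path + "/"
    return scheme, host, port, path


def site_url_mismatches(site_url, browser_url):
    """Return the ways browser_url differs from the configured site_URL.

    Assumption: the CRM compares URLs component by component. The thread only
    says that a mismatch is rejected; a literal string comparison in the real
    check could be stricter than this.
    """
    cfg, seen = _parts(site_url), _parts(browser_url)
    problems = []
    for name, want, got in zip(("scheme", "host", "port"), cfg, seen):
        if want != got:
            problems.append(f"{name}: configured {want!r}, browser uses {got!r}")
    # The page being opened must live under the configured installation path.
    if not seen[3].startswith(cfg[3]):
        problems.append(f"path: {seen[3]!r} is not under {cfg[3]!r}")
    return problems


if __name__ == "__main__":
    # Constructed values, not taken from the thread.
    SITE_URL = "http://crm.example.test/vtigercrm/"
    OPENED = (
        "http://crm.example.test/vtigercrm/index.php?module=Home",  # bookmark on a workstation
        "http://192.0.2.10/vtigercrm/index.php",                     # tablet using the server IP
        "https://crm.example.test/vtigercrm/index.php",              # client forced to HTTPS
    )
    for url in OPENED:
        issues = site_url_mismatches(SITE_URL, url)
        print(url, "->", "OK" if not issues else "; ".join(issues))
```

Any URL that reports a mismatch identifies a device that should be pointed at the configured address, or a site_URL that should be changed to the address everyone uses.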