[Vtigercrm-developers] Vtiger CRM 6.4.0 - Security Patch (20160610) Release

Alan Bell alan.bell at libertus.co.uk
Wed Jun 15 09:54:40 GMT 2016 

well this one is quite a cool new feature, allowing "current user" as an 
option in view filters so that people can create public views of "my 
stuff" that work for everyone
http://code.vtiger.com/vtiger/vtigercrm/merge_requests/72

this one makes links in workflow emails clickable in mail clients (it is 
sending html mails, if you don't wrap links in <a href then they are not 
links in modern mail clients)
http://code.vtiger.com/vtiger/vtigercrm/merge_requests/72

this one allows dates in reports to format correctly according to the 
user preference
http://code.vtiger.com/vtiger/vtigercrm/merge_requests/39

this one is quite a simple fix, but only applies if there are multiple 
uitype 10 fields linking to the users module
http://code.vtiger.com/vtiger/vtigercrm/merge_requests/69

this one is quite a simple spelling fix, not a big deal but should be 
easy to review the diff
http://code.vtiger.com/vtiger/vtigercrm/merge_requests/74

I remain rather concerned at using unsalted MD5 hash for portal 
passwords and to hash all the portal user passwords as part of the 
migration (don't run that script twice folks!)

Alan.

On 15/06/16 10:34, Prasad wrote:
> Alan,
>
> If there is a blocker one that need to be picked up - please mention 
> the same here.
>
> --
> FB <http://www.facebook.com/vtiger> I Twit 
> <http://twitter.com/vtigercrm> I LIn 
> <https://www.linkedin.com/company/1270573?trk=tyah> I Blog 
> <https://blogs.vtiger.com> I Website <https://www.vtiger.com/>
>
> On Wed, Jun 15, 2016 at 2:44 PM, Alan Bell <alan.bell at libertus.co.uk 
> <mailto:alan.bell at libertus.co.uk>> wrote:
>
>     so today is code freeze . . . I have 7 of the 19 outstanding merge
>     requests, will some of these make it in to the release?
>
>     Alan.
>
>
>
>     On 10/06/16 11:42, Prasad wrote:
>>     Dear members,
>>
>>     We released a minor security patch for 6.4.0
>>     (vtigercrm-640-20160610.zip
>>     <https://sourceforge.net/projects/vtigercrm/files/vtiger%20CRM%206.4.0/Core%20Product/vtigercrm-640-20160610.zip/download>)
>>     today.
>>     Please download and unzip the same on your 6.4.0 installation.
>>
>>     This patch addresses minor xss
>>     <http://code.vtiger.com/vtiger/vtigercrm/issues/93> and non-admin
>>     access control
>>     <http://code.vtiger.com/vtiger/vtigercrm/commit/7cdf9941197b4aa58114eafce3ce88fb418eb68c> issues
>>     shared by security advisories.
>>     We take this opportunity to thank:
>>
>>       * Sebastian Haas - sebastianhaas.de <http://sebastianhaas.de>
>>       * Tomotaka - JPCERT/CC for assisting us through the process.
>>
>>     Further, we would like to keep you updated with 6.5.0 release plan:
>>
>>       * Jun 15th - Code freeze on 6.5.0
>>       * Jun 4th week - 6.5.0 GA Release
>>
>>     Regards,
>>     Prasad
>>
>>
>>
>>     _______________________________________________
>>     http://www.vtiger.com/
>
>
>     _______________________________________________
>     http://www.vtiger.com/
>
>
>
>
> _______________________________________________
> http://www.vtiger.com/

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.vtigercrm.com/pipermail/vtigercrm-developers/attachments/20160615/9055b045/attachment-0001.html>

More information about the vtigercrm-developers mailing list