[Vtigercrm-developers] Update 16-22 April 2018
nilay khatri
nilay.spartan at gmail.com
Mon Apr 23 08:46:30 GMT 2018
Fixes done and pushed to master:
- removed unused MD5 hash of user password
- default password encryption changed to PHASH
- enforced protection on outgoing server credentials
- sanitization of fieldname in calendar feed
- added protection to SMS Notifier credentials
Interesting issues reported:
- filters with fields from related module does gives error
- storing email contents as plain text in vtiger database - use disk
encryption of database level encryption
- terms and condition form in settings does not have save button - the
save button appears when the contents are edited
Vtiger notified that they are working with some security advisories to
make the system more secure.
Also it was requested to provide more details on the security issues and to
be a contributor rather then a whistleblower, which can create suspicion.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.vtigercrm.com/pipermail/vtigercrm-developers/attachments/20180423/115e5f4c/attachment.html>
More information about the vtigercrm-developers
mailing list