[Vtigercrm-developers] Vtiger CRM 7.1.0 (hotfix3) Released
Prasad
prasad at vtiger.com
Wed Apr 3 06:29:41 GMT 2019
Dear members,
Vtiger 7.1.0 (Hotfix3) is now available.
Download hotfix: vtigercrm7.1.0-hotfix3.zip
<https://sourceforge.net/projects/vtigercrm/files/vtiger%20CRM%207.1.0/Core%20Product/Hotfixes/vtigercrm7.1.0-hotfix3.zip/download>
This patch addresses the following:
1. Possibility of SQL injection by authenticated user.
2. Insufficient permission checking on "roleid" parameter during profile
edition <http://code.vtiger.com/vtiger/vtigercrm/issues/1126>
Thanks to Mohnish Dhage and Samuel De Grace for sharing details to help us
get to root-cause and devise the fix.
NOTE:
1. We have patched the 7.1.0 files
<https://sourceforge.net/projects/vtigercrm/files/vtiger%20CRM%207.1.0/> -
so new downloads doesn't need hotfixes.
2. We recommend you to patch older version (refer commit-1
<http://code.vtiger.com/vtiger/vtigercrm/commit/1e64f796bbef9b1abbed5195893422e7dd43d5b9>
and commit-2
<http://code.vtiger.com/vtiger/vtigercrm/commit/85d90cc9f129a554524eab2e9e3d44c20756393f>
)
or migrate to 7.1.0
If you have more questions please feel free to discuss on this thread.
Regards,
Prasad
Vtiger Team
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.vtigercrm.com/pipermail/vtigercrm-developers/attachments/20190403/203c2621/attachment.html>
More information about the vtigercrm-developers
mailing list