[Vtigercrm-developers] Vtiger CRM 7.1.0 (hotfix2) Released

Prasad prasad at vtiger.com
Thu Jan 3 14:23:52 GMT 2019


Dear members,

Vtiger 7.1.0 (Hotfix2) is now available.

Download hotfix: vtigercrm7.1.0-hotfix2.zip
<https://sourceforge.net/projects/vtigercrm/files/vtiger%20CRM%207.1.0/Core%20Product/Hotfixes/vtigercrm7.1.0-hotfix2.zip/download>

It addresses the security issue where an authenticated user can
upload a file that bypasses the configured bad-file-extensions, which
could open the door to remote code execution.

Thanks to Özkan Mustafa Akkuş for sharing awareness of the
issue with a relevant POC that helped to combat it in time.

NOTE:

   1. We have patched the 7.1.0 files
   <https://sourceforge.net/projects/vtigercrm/files/vtiger%20CRM%207.1.0/> -
   so new downloads don't need hotfix2.
   2. We recommend that you patch older versions (reference to commit
   <http://code.vtiger.com/vtiger/vtigercrm/commit/52fc2fb520ddc55949c2fbedaabd61ddd0109375>)
   or migrate to 7.1.0.

If you have more questions please feel free to discuss on this thread.

Regards,
Prasad
Vtiger Team