[Vtigercrm-developers] Vtiger CRM 7.1.0 (hotfix2) Released
prasad at vtiger.com
Thu Jan 3 14:23:52 GMT 2019
Vtiger 7.1.0 (Hotfix2) is now available.
Download hotfix: vtigercrm7.1.0-hotifix2.zip
It addresses the security issue where an authenticated user can
upload that by-passes the configured bad-file-extensions which
could open door for remote-code-execution.
Thanks to Özkan Mustafa Akkuş for sharing awareness of the
issue with relevant POC that helped to combat it in-time.
1. We have patched the 7.1.0 files
so new downloads doesn't need hotfix2.
2. We recommend you to patch older version (reference to commit
or migrate to 7.1.0
If you have more questions please feel free to discuss on this thread.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the vtigercrm-developers