[Vtigercrm-developers] Vtiger CRM 7.1.0 (hotfix2) Released

Prasad prasad at vtiger.com
Thu Jan 3 14:23:52 GMT 2019

Dear members,

Vtiger 7.1.0 (Hotfix2) is now available.

Download hotfix: vtigercrm7.1.0-hotifix2.zip

It addresses the security issue where an authenticated user can
upload that by-passes the configured bad-file-extensions which
could open door for remote-code-execution.

Thanks to Özkan Mustafa Akkuş for sharing awareness of the
issue with relevant POC that helped to combat it in-time.


   1. We have patched the 7.1.0 files
   <https://sourceforge.net/projects/vtigercrm/files/vtiger%20CRM%207.1.0/> -
   so new downloads doesn't need hotfix2.
   2. We recommend you to patch older version (reference to commit
   or migrate to 7.1.0

If you have more questions please feel free to discuss on this thread.

Vtiger Team
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.vtigercrm.com/pipermail/vtigercrm-developers/attachments/20190103/ca45a43c/attachment.html>

More information about the vtigercrm-developers mailing list