[Vtigercrm-developers] Vtiger CRM 7.1.0 (hotfix2) Released
Sutharsan J
ajstharsan at gmail.com
Thu Jan 3 16:06:25 GMT 2019
Hi
That is good. But I feel it would be better to release a minor version such
as 7.1.1. Because I had issues with clients who installed same version at
different time, but both behaves magically different.
I can see the hotfix is available separately in download page, it makes
impression that .1.0 should be patched with hotfix, but you have already
patched.
Thanks
Sutharsan Jeganathan
On Thu, Jan 3, 2019 at 7:55 PM Prasad <prasad at vtiger.com> wrote:
> Dear members,
>
> Vtiger 7.1.0 (Hotfix2) is now available.
>
> Download hotfix: vtigercrm7.1.0-hotifix2.zip
> <https://sourceforge.net/projects/vtigercrm/files/vtiger%20CRM%207.1.0/Core%20Product/Hotfixes/vtigercrm7.1.0-hotfix2.zip/download>
>
> It addresses the security issue where an authenticated user can
> upload that by-passes the configured bad-file-extensions which
> could open door for remote-code-execution.
>
> Thanks to Özkan Mustafa Akkuş for sharing awareness of the
> issue with relevant POC that helped to combat it in-time.
>
> NOTE:
>
> 1. We have patched the 7.1.0 files
> <https://sourceforge.net/projects/vtigercrm/files/vtiger%20CRM%207.1.0/> -
> so new downloads doesn't need hotfix2.
> 2. We recommend you to patch older version (reference to commit
> <http://code.vtiger.com/vtiger/vtigercrm/commit/52fc2fb520ddc55949c2fbedaabd61ddd0109375>)
> or migrate to 7.1.0
>
> If you have more questions please feel free to discuss on this thread.
>
> Regards,
> Prasad
> Vtiger Team
> _______________________________________________
> http://www.vtiger.com/
--
*Development Manager Radus28 Software Solution [image: Radus28 Software
Solution] 123, Level 2, Mc Larens Building Baudhaloka Mw. Colombo 04 Sri
Lanka M : +94773795291 E : sutharsan at radus28.com <sutharsan at radus28.com> W
: www.radus28.com <http://www.radus28.com>*
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.vtigercrm.com/pipermail/vtigercrm-developers/attachments/20190103/82586c17/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: logo_web.png
Type: image/png
Size: 15612 bytes
Desc: not available
URL: <http://lists.vtigercrm.com/pipermail/vtigercrm-developers/attachments/20190103/82586c17/attachment-0001.png>
More information about the vtigercrm-developers
mailing list