[Vtigercrm-developers] Vtiger CRM 7.1.0 (hotfix2) Released

Prasad prasad at vtiger.com
Thu Jan 3 16:25:03 GMT 2019


Hot-fix release is determined based on severity of the issue addressed and
likely will not need schema-changes.
So applying the code-changes should work perfectly fine.
--
FB <http://www.facebook.com/vtiger> I Twit <http://twitter.com/vtigercrm> I
LIn <https://www.linkedin.com/company/1270573?trk=tyah> I Blog
<https://blogs.vtiger.com> I Website <https://www.vtiger.com/>


On Thu, Jan 3, 2019 at 9:39 PM Sutharsan J <ajstharsan at gmail.com> wrote:

> Hi
>
> That is good. But I feel it would be better to release a minor version
> such as 7.1.1. Because I had issues with clients who installed same version
> at different time, but both behaves magically different.
>
> I can see the hotfix is available separately in download page, it makes
> impression that .1.0 should be patched with hotfix, but you have already
> patched.
>
> Thanks
> Sutharsan Jeganathan
>
> On Thu, Jan 3, 2019 at 7:55 PM Prasad <prasad at vtiger.com> wrote:
>
>> Dear members,
>>
>> Vtiger 7.1.0 (Hotfix2) is now available.
>>
>> Download hotfix: vtigercrm7.1.0-hotifix2.zip
>> <https://sourceforge.net/projects/vtigercrm/files/vtiger%20CRM%207.1.0/Core%20Product/Hotfixes/vtigercrm7.1.0-hotfix2.zip/download>
>>
>> It addresses the security issue where an authenticated user can
>> upload that by-passes the configured bad-file-extensions which
>> could open door for remote-code-execution.
>>
>> Thanks to Özkan Mustafa Akkuş for sharing awareness of the
>> issue with relevant POC that helped to combat it in-time.
>>
>> NOTE:
>>
>>    1. We have patched the 7.1.0 files
>>    <https://sourceforge.net/projects/vtigercrm/files/vtiger%20CRM%207.1.0/> -
>>    so new downloads doesn't need hotfix2.
>>    2. We recommend you to patch older version (reference to commit
>>    <http://code.vtiger.com/vtiger/vtigercrm/commit/52fc2fb520ddc55949c2fbedaabd61ddd0109375>)
>>    or migrate to 7.1.0
>>
>> If you have more questions please feel free to discuss on this thread.
>>
>> Regards,
>> Prasad
>> Vtiger Team
>> _______________________________________________
>> http://www.vtiger.com/
>
>
>
> --
>
>
>
>
>
>
>
>
>
> *Development Manager Radus28 Software Solution [image: Radus28 Software
> Solution] 123, Level 2, Mc Larens Building Baudhaloka Mw. Colombo 04 Sri
> Lanka M : +94773795291 E  : sutharsan at radus28.com <sutharsan at radus28.com> W
> : www.radus28.com <http://www.radus28.com>*
> _______________________________________________
> http://www.vtiger.com/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.vtigercrm.com/pipermail/vtigercrm-developers/attachments/20190103/1b57a31a/attachment.html>


More information about the vtigercrm-developers mailing list