Dear vtigers,<br><p>We have released a security patch for 5.0.4 that fixes the following
security issues along with some critical bugs reported by the
community. <br></p><p>More details can be found in the release notes [<a href="http://www.vtiger.com/products/crm/vtigercrm-504-Security-Patch-Release-Notes.pdf">VtigerCRM 5.0.4 SecurityPatch_ReleaseNotes</a>].</p>
<p>Security Issues:-<br>
1. Local File Disclosure<br>
2. Cross-Site Scripting<br>
3. SQL injection Vulnerability<br>
4. Arbitrary File Upload</p>
<p>Trac Tickets:-<br>
<a href="http://trac.vtiger.com/cgi-bin/trac.cgi/ticket/5235">#5235</a>: Patch Apply: Timeout settings need change<br>
<a href="http://trac.vtiger.com/cgi-bin/trac.cgi/ticket/5255">#5255</a>: Cannot import more than 500 records<br>
<a href="http://trac.vtiger.com/cgi-bin/trac.cgi/ticket/5307">#5307:</a> Campaign Related info getting lost<br>
<a href="http://trac.vtiger.com/cgi-bin/trac.cgi/ticket/5298">#5298</a>: File attachment download gets corrupted<br>
<a href="http://trac.vtiger.com/cgi-bin/trac.cgi/ticket/5294">#5294</a>: Organization image upload issue<br>
<a href="http://trac.vtiger.com/cgi-bin/trac.cgi/ticket/5231">#</a><a href="http://trac.vtiger.com/cgi-bin/trac.cgi/ticket/5231">5231</a>: Webmail qualify issue<br>
<a href="http://trac.vtiger.com/cgi-bin/trac.cgi/ticket/5268">#</a><a href="http://trac.vtiger.com/cgi-bin/trac.cgi/ticket/5268">5268</a>: Homepage dashboard link showing incorrect data in list view<br>
<a href="http://trac.vtiger.com/cgi-bin/trac.cgi/ticket/4847">#4847</a>: Problem in selecting users/groups/profiles from the roles and groups edit view<br>
<a href="http://trac.vtiger.com/cgi-bin/trac.cgi/ticket/5393">#5393</a>: Not able to delete default profiles/roles/users</p>
<p>We thank vtiger community for their support to detect the issues and
help us resolve it. Special thanks to Mark Piper, Fabian Fingerele, and
Different Solutions.</p>
<p><strong>Patch Download:</strong><br>
The 5.0.4 Security patch download is available here: [ <a href="http://downloads.sourceforge.net/vtigercrm/VtigerCRM504_Security_Patch.zip">VtigerCRM5.0.4_SecurityPatch</a>]</p>
<p><strong>NOTE:</strong> You will need to unpack the zip into your
vtiger CRM folder. We recommend you to take a backup of your directory
first before you unpack the patch.</p>Regards,<br>Prasad<br>vtiger Team<br>