<div dir="ltr"><div dir="ltr"><div class="gmail_default" style="font-family:arial,helvetica,sans-serif">Dear members,</div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif"><br></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif">Vtiger 7.1.0 (Hotfix3) is now available.</div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif"><br></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif">Download hotfix: <a href="https://sourceforge.net/projects/vtigercrm/files/vtiger%20CRM%207.1.0/Core%20Product/Hotfixes/vtigercrm7.1.0-hotfix3.zip/download" target="_blank">vtigercrm7.1.0-hotfix3.zip</a><br></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif"><br></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif">This patch addresses the following:</div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif"><ol><li>Possibility of SQL injection by authenticated user. </li><li><a href="http://code.vtiger.com/vtiger/vtigercrm/issues/1126" target="_blank">Insufficient permission checking on "roleid" parameter during profile edition</a></li></ol></div><div style="box-sizing:border-box;font-family:"Helvetica Neue",Helvetica,Arial,sans-serif;font-size:14px"><div class="m_5686567200836328685gmail-description m_5686567200836328685gmail-js-task-list-container" style="box-sizing:border-box"><div class="m_5686567200836328685gmail-wiki" style="box-sizing:border-box;font-size:15px;line-height:1.5"><span style="font-family:arial,helvetica,sans-serif;font-size:small">Thanks to Mohnish Dhage and Samuel De Grace for sharing details to help us get to root-cause and devise the fix.</span><br></div></div></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif"><br></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif">NOTE:</div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif"><ol><li>We have patched the <a href="https://sourceforge.net/projects/vtigercrm/files/vtiger%20CRM%207.1.0/" target="_blank">7.1.0 files</a> - so new downloads doesn't need hotfixes.</li><li>We recommend you to patch older version (refer <a href="http://code.vtiger.com/vtiger/vtigercrm/commit/1e64f796bbef9b1abbed5195893422e7dd43d5b9" target="_blank">commit-1</a> and <a href="http://code.vtiger.com/vtiger/vtigercrm/commit/85d90cc9f129a554524eab2e9e3d44c20756393f" target="_blank">commit-2</a> ) or migrate to 7.1.0</li></ol></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif"><div><font face="arial, helvetica, sans-serif">If you have more questions please feel free to discuss on this thread.</font></div></div><br class="m_5686567200836328685gmail-Apple-interchange-newline"><div class="gmail_default" style="font-family:arial,helvetica,sans-serif">Regards,<br></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif">Prasad</div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif">Vtiger Team</div></div></div>