add notes about fixed vulnerabilities in 5.1.18

This commit is contained in:
Uwe Steinmann 2018-06-28 12:38:57 +02:00
parent 0926009d3f
commit 447588979e


@ -6,6 +6,16 @@
- fix validation of maxuplodsize in fine uploader
- do not leak information in calendar about documents the logged in user has
no read access on
- fix vulnerability when uploading a new file with the fine uploader, make
sure the chunk identifier contains only allowed chars '[0-9a-f-]' (CVE )
- fix vulnerability when clearing the cache, make sure the cache directory
to clean actually exists. (CVE )
- prevent cross side scripting when loading the dashboard, removed dashboard
as it was never finished anyway (CVE )
- prevent cross side scripting when url parameter 'action' is manipulated,
url parameter is run through htmlspecialchars() before output (CVS )
- fix possible sql-injection, do not use integers in sql statement without
casting them to int before (CVE )
--------------------------------------------------------------------------------
Changes in version 5.1.7
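Review bot: the five new entries all carry an empty "(CVE )" placeholder, and the 'action' parameter entry reads "(CVS )", which looks like a typo for "CVE"; either fill in the assigned identifiers before this changelog ships with the 5.1.8 release or replace the empty parentheses with an explicit "CVE pending" marker so readers can tell a missing number from a formatting slip. Two spelling fixes in the same hunk would help anyone searching the changelog for advisories: "cross side scripting" should be "cross-site scripting" (two entries), and "maxuplodsize" in the first entry looks like "maxuploadsize" unless it is the literal name of the setting being validated. Since these lines are the public record of security fixes, it would also be worth naming the affected component in the SQL-injection entry (which statement or module now casts to int) so downstream packagers can map the entry to the code change.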