gnh1201/seeddms-code
1
0
Fork 0
mirror of https://git.code.sf.net/p/seeddms/code synced 2025-02-06 07:04:57 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

more detailed description of fixed CVE in 5.1.11

Browse Source
This commit is contained in:
Uwe Steinmann 2019-06-20 08:26:37 +02:00
parent cf3d276913
commit 94ec9f5962
1 changed files with 6 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
CHANGELOG
View File

@ -1,10 +1,12 @@
--------------------------------------------------------------------------------
Changes in version 5.1.11
--------------------------------------------------------------------------------
- fix for CVE-2019-12744, add .htaccess file to data directory, better
documentation for installing seeddms
- fix for CVE-2019-12745 and CVE-2019-12801, propperly escape strings used
in Select2 js library used by UsrMgr and GroupMgr
- fix for CVE-2019-12744 (Remote Command Execution through unvalidated
file upload), add .htaccess file to data directory, better documentation
for installing seeddms
- fix for CVE-2019-12745 (Persistent or Stored XSS in UsrMgr) and
CVE-2019-12801 (Persistent or Stored XSS in GroupMgr), propperly escape
strings used in Select2 js library used by UsrMgr and GroupMgr
- do not show attributes in search results in extra column anymore
- fix setting language during login (Closes #437)
- fix indexing documents even if no preIndexDocument hook is set (Closes #437)