X2Josef

Member Since 04 Mar 2016
Offline Last Active Jan 10 2019 02:26 PM
-----

#15441 Error 500 with openssl_decrypt() when updating to 7.1 Fix

Posted by X2Josef on 10 January 2019 - 02:26 PM

You may need to re-generate your encryption.iv and encryption.key files in protected/config. You can do this by deleting these files (the app should then re-create them or you can manually create them by running protected/yiic cryptsetup).

- X2Peter

(See http://community.x2c...updating-to-71/)




#15097 X2CRM Security Fixes

Posted by X2Josef on 03 October 2018 - 04:55 PM

It has been brought to our attention that three vulnerabilities were found in our app. Please take the chance to look over the following fixes for these vulnerabilities and apply them to your installations. These fixes will also be included in our next version.

Fixes: 

  1. Exception handling for invalid input to prevent SQL injection from the ActionHistoryChartWidget
  2. Permission check for arbitrary file download via the global export in the admin control panel and when exporting themes
  3. Field purification when processing requests to prevent cross-site scripting (XSS)

Files:

Pull Request:

https://github.com/X.../X2CRM/pull/160

 

Make sure to take backups before applying any of these changes, of course!

Thank you to SYSDREAM for bringing these vulnerabilities to our attention.




#13631 Mail Setup Failure on WHM / CPanel, CentOS

Posted by X2Josef on 08 August 2017 - 12:20 PM

You'll have to set up a third-party app email account password (e.g., Gmail's "App" Password) and use that instead to verify your credentials.




#12775 Live Chat

Posted by X2Josef on 23 January 2017 - 10:01 PM

Hey Eugene,

This feature does sound great. Such a feature will be considered in a future release.

Cheers,

Josef