X2Josef

Member Since 04 Mar 2016
Offline Last Active Feb 08 2019 08:56 AM
-----

Topics I've Started

Error 500 with openssl_decrypt() when updating to 7.1 Fix

10 January 2019 - 02:26 PM

You may need to re-generate your encryption.iv and encryption.key files in protected/config. You can do this by deleting these files (the app should then re-create them or you can manually create them by running protected/yiic cryptsetup).

- X2Peter

(See http://community.x2c...updating-to-71/)


X2CRM Security Fixes

03 October 2018 - 04:55 PM

It has been brought to our attention that three vulnerabilities were found in our app. Please take the chance to look over the following fixes for these vulnerabilities and apply them to your installations. These fixes will also be included in our next version.

Fixes:

  1. Exception handling for invalid input to prevent SQL injection from the ActionHistoryChartWidget
  2. Permission check for arbitrary file download via the global export in the admin control panel and when exporting themes
  3. Field purification when processing requests to prevent cross-site scripting (XSS)

Files:

Pull Request:

https://github.com/X.../X2CRM/pull/160

Make sure to take backups before applying any of these changes, of course!

Thank you to SYSDREAM for bringing these vulnerabilities to our attention.