5.8.4

Security

  • Fixed vulnerability in getprofile.sh where the directory was not cleared before creating a profile -JO
  • Fixed SQL injection vulnerability in Bulk Modifications Tool -JO
  • Fixed XSS security vulnerability in about section -JO
  • Fixed security issue for config when upgrading system [TPS#15551] -JO

Updated

  • Updated getprofile.sh to delete a new profile’s folder before generating contents -JO

Fixed

  • Fixed install on newer Debian 9 systems due to default pip version [TPS#15535] -JO
  • Fixed issues with logrotate -JO,DC
  • Fixed getprofile.sh db_host value to properly pull from config.inc.php -JO,DC
  • Fixed restore_xi.sh using relative directory path -JO,DC
  • Fixed the “use” option to properly apply when using the config/contacts API endpoint -SS,JO

Component Updates

Core Config Manager (CCM) 3.1.2

  • Fixed XSS security vulnerability in CCM lock page functionality -JO