eFront build 18023 is now available

News & Announcements directly from the eFront team

eFront build 18023 is now available

Postby makriria » Tue Mar 24, 2015 10:24 am

Greetings to the community

A new patch release for 3.6.15 is released. It contains security fixes (sql injection, remote file inclusion and csrf fixes) for issues that have been reported to us by rgod working with Beyond Security's SecuriTeam Secure Disclosure program . Moreover it contains all other bug fixes since our last release. So eFront build 18023 is now available.

You can find the complete changelog below.

=== Version - build 18023 ===
- Fixed SQL Injection and Remote File Inclusion Vulnerability issues noticed by rgod working with Beyond Security's SecuriTeam Secure Disclosure program <http://www.beyondsecurity.com/ssd.html>
- Added print all units in lesson
- Fixed issue about max_online_users_threshold
- Fixed issue about path of .htaccess file when creating branch urls because file was created into module that runs the script
- Fixed issue about expiring sessions in user_times (#6310)
- Performance fix in copy files function
- Fixed csrf check for student ajax calls
- Fixed issue about backup option on automatic upgrades
- Fixed issue about PHPSESSID used for csrf check
- Added a user friendly message when user does not exist while adding a mapped account
- Fixed issue about clean up functionality in maintenance page
- Fixed sorting by assigned lesson in Associated lessons in Job position data
- Fixed default job position when assigning user to branch is 'No specific job position'
- Fixed import users to jobs does not assign branch courses if system option does not allow
- Fixed getEmployees(Jobs) and getJobDescriptions(branches) do not return non active or archived users
- VideoJS upgraded to latest version (4.12.0)
- Fixed issue when multiple tables in same page / module shared files minor changes
- Fixed nested quotes issue in forum
- Fixed completed user reassigned to course does not trigger not completed course event
- Fixed certification expiration not sent if course is inactive or archived
- Fixed garbage in recipient field when encrypt url enabled and send to all in find users
- Fixed delete notifications of inactive users
- Fixed Find users [Course criteria] does not include users that used to have a course but not now
- Fixed correct labels in participation reports
- Fixed sending a message, when in branch, filter out unreleated lessons
- Fixed delete pending notifications for course when user(s) are removed from course

(73 Bytes) Downloaded 319 times

Enjoy! :)
Michael Makrigiannakis
Software Engineer
skype: makriria
User avatar
Posts: 939
Joined: Thu Oct 04, 2007 12:16 pm

Re: eFront build 18023 is now available

Postby y.sulistya » Tue Mar 24, 2015 12:09 pm

download and testing this. thank you.
Blessings & Peace,
Yudi Sulistya

Database administrator & programmer at Faculty of Psychology • Airlangga University
Programmer at Cyber Campus • Airlangga University
Need personal help? contact me : yudi.sulistya[at]gmail.com
User avatar
Posts: 717
Joined: Mon Apr 13, 2009 12:02 pm
Location: Surabaya, Indonesia

Re: eFront build 18023 is now available

Postby dengcc » Tue Mar 24, 2015 11:12 pm

Thank you thank you! Hard!
Posts: 19
Joined: Thu Jan 08, 2015 8:32 pm

Return to News and Announcements

Who is online

Users browsing this forum: No registered users and 1 guest