iCagenda / ChangeLog

Keep Connected!

3.7.14 Security & Bug Fix Release

    Legend: !important +added -removed ~changed #fixed
    Info: access to the beta versions and pre-releases are reserved to users with a valid pro subscription.
    iCagenda™ is distributed under the terms of the GNU General Public License version 3 or later; see LICENSE.txt.

  iCagenda 3.7.14 (2020.04.26) Security & Bug Fix Release

  • #
    [SECURITY][LOW] Exploit type: Blind SQLi
  • Severity: Low
  • Versions: 3.6.0 through 3.7.13
  • Description: The lack of type casting of a variable in SQL statement leads to a SQL injection vulnerability in the events list view.
  • +
    Added : Search in custom fields value with the frontend global search field.
  • #
    [LOW] Fixed : Missing custom cancellation label in detailled view of event.
  • #
    [LOW] Fixed : Showon display of custom label options (should be hidden if default label).
  • #
    [LOW] Fixed : Removed not used asset_id.
  • Changed files in 3.7.14

  • ~
    admin/access.xml
  • ~
    admin/models/forms/event.xml
  • ~
    admin/sql/install/mysql/icagenda.install.sql
  • ~
    admin/utilities/event/event.php
  • ~
    admin/utilities/events/data.php
  • ~
    site/models/submit.php
  • ~
    site/models/forms/submit.xml
  • ~
    site/views/list/tmpl/default_filters.php

Follow Us

Search