This is an important release which fixes a number of vulnerabilities that are critical and may expose sites to serious threats. Please upgrade as soon as possible!
A number of important vulnerabilities reported by Peter Arts (from daylight-it.com), as well as a vulnerability reported by Tyler Joseph Boespflug (aka Tyman00), thank you both.
*Note: 0.8.1.5 had a bug. Fixed and new release made.
Formbuiler 0.8.1.6 Released: Vulnerabilities Fix!
Formbuiler 0.8.1.6 Released: Vulnerabilities Fix!
Last edited by Jo Morg on Fri Feb 17, 2017 10:59 am, edited 1 time in total.
Reason: Update
Reason: Update
"There are 10 types of people in this world, those who understand binary... and those who don't."
* by the way: English is NOT my native language (sorry for any mistakes...).
Code of Condut | CMSMS Docs | Help Support CMSMS
My developer Page on the Forge
GeekMoot 2015 in Ghent, Belgium: I was there!
GeekMoot 2016 in Leicester, UK: I was there!
DevMoot 2023 in Cynwyd, Wales: I was there!
* by the way: English is NOT my native language (sorry for any mistakes...).
Code of Condut | CMSMS Docs | Help Support CMSMS
My developer Page on the Forge
GeekMoot 2015 in Ghent, Belgium: I was there!
GeekMoot 2016 in Leicester, UK: I was there!
DevMoot 2023 in Cynwyd, Wales: I was there!
Re: Formbuiler 0.8.1.5 Released: Vulnerabilities Fix!
Hello
After upgrade 0.8.1.4 >> 0.8.1.5 i have error:
"You need the "Modify Forms" permission to perform that operation."
.. on form page.
Is there a solution for this?
----------------------------------------------
Cms Version: 1.12.1
Installed Modules:
CMSMailer: 5.2.2
CMSPrinting: 1.0.5
FileManager: 1.4.5
MenuManager: 1.8.7
MicroTiny: 1.2.9
ModuleManager: 1.5.8
News: 2.15.2
Search: 1.7.13
ThemeManager: 1.1.8
CGExtensions: 1.41.2
CGSmartImage: 1.16.2
PDFGenerator: 0.2
Gallery: 2.0.1
FormBuilder: 0.8.1.5
FormBrowser: 0.4.2
TinyMCE: 2.9.12
Config Information:
php_memory_limit:
process_whole_template:
max_upload_size: 32000000
url_rewriting: none
page_extension:
query_var: page
image_manipulation_prog: GD
auto_alias_content: true
locale:
default_encoding: utf-8
admin_encoding: utf-8
set_names: true
Php Information:
phpversion: 5.5.18
md5_function: On (True)
gd_version: 2
tempnam_function: On (True)
magic_quotes_runtime: Off (False)
E_STRICT: 2048
E_DEPRECATED: 8192
memory_limit: 128M
max_execution_time: 30
output_buffering: On
safe_mode: Off (False)
file_uploads: On (True)
post_max_size: 32M
upload_max_filesize: 32M
session_save_path: /Applications/MAMP/tmp/php (0775)
session_use_cookies: On (True)
xml_function: On (True)
xmlreader_class: On (True)
Server Information:
Server Api: apache2handler
Server Db Type: MySQL (mysqli)
Server Db Version: 5.5.38
Server Db Grants: Found a "GRANT ALL" statement that appears to be suitable
Server Time Diff: No filesystem time difference found
----------------------------------------------
After upgrade 0.8.1.4 >> 0.8.1.5 i have error:
"You need the "Modify Forms" permission to perform that operation."
.. on form page.
Is there a solution for this?
----------------------------------------------
Cms Version: 1.12.1
Installed Modules:
CMSMailer: 5.2.2
CMSPrinting: 1.0.5
FileManager: 1.4.5
MenuManager: 1.8.7
MicroTiny: 1.2.9
ModuleManager: 1.5.8
News: 2.15.2
Search: 1.7.13
ThemeManager: 1.1.8
CGExtensions: 1.41.2
CGSmartImage: 1.16.2
PDFGenerator: 0.2
Gallery: 2.0.1
FormBuilder: 0.8.1.5
FormBrowser: 0.4.2
TinyMCE: 2.9.12
Config Information:
php_memory_limit:
process_whole_template:
max_upload_size: 32000000
url_rewriting: none
page_extension:
query_var: page
image_manipulation_prog: GD
auto_alias_content: true
locale:
default_encoding: utf-8
admin_encoding: utf-8
set_names: true
Php Information:
phpversion: 5.5.18
md5_function: On (True)
gd_version: 2
tempnam_function: On (True)
magic_quotes_runtime: Off (False)
E_STRICT: 2048
E_DEPRECATED: 8192
memory_limit: 128M
max_execution_time: 30
output_buffering: On
safe_mode: Off (False)
file_uploads: On (True)
post_max_size: 32M
upload_max_filesize: 32M
session_save_path: /Applications/MAMP/tmp/php (0775)
session_use_cookies: On (True)
xml_function: On (True)
xmlreader_class: On (True)
Server Information:
Server Api: apache2handler
Server Db Type: MySQL (mysqli)
Server Db Version: 5.5.38
Server Db Grants: Found a "GRANT ALL" statement that appears to be suitable
Server Time Diff: No filesystem time difference found
----------------------------------------------
Re: Formbuiler 0.8.1.5 Released: Vulnerabilities Fix!
Some more. Form works if i am logged in.
Re: Formbuiler 0.8.1.5 Released: Vulnerabilities Fix!
Confirmed! I'll fix it and re-release it in a bit.lumimies wrote:Some more. Form works if i am logged in.
Thanks.
"There are 10 types of people in this world, those who understand binary... and those who don't."
* by the way: English is NOT my native language (sorry for any mistakes...).
Code of Condut | CMSMS Docs | Help Support CMSMS
My developer Page on the Forge
GeekMoot 2015 in Ghent, Belgium: I was there!
GeekMoot 2016 in Leicester, UK: I was there!
DevMoot 2023 in Cynwyd, Wales: I was there!
* by the way: English is NOT my native language (sorry for any mistakes...).
Code of Condut | CMSMS Docs | Help Support CMSMS
My developer Page on the Forge
GeekMoot 2015 in Ghent, Belgium: I was there!
GeekMoot 2016 in Leicester, UK: I was there!
DevMoot 2023 in Cynwyd, Wales: I was there!
Re: Formbuiler 0.8.1.6 Released: Vulnerabilities Fix!
New release on the forge. Thank you. Topic updated.
"There are 10 types of people in this world, those who understand binary... and those who don't."
* by the way: English is NOT my native language (sorry for any mistakes...).
Code of Condut | CMSMS Docs | Help Support CMSMS
My developer Page on the Forge
GeekMoot 2015 in Ghent, Belgium: I was there!
GeekMoot 2016 in Leicester, UK: I was there!
DevMoot 2023 in Cynwyd, Wales: I was there!
* by the way: English is NOT my native language (sorry for any mistakes...).
Code of Condut | CMSMS Docs | Help Support CMSMS
My developer Page on the Forge
GeekMoot 2015 in Ghent, Belgium: I was there!
GeekMoot 2016 in Leicester, UK: I was there!
DevMoot 2023 in Cynwyd, Wales: I was there!
Re: Formbuiler 0.8.1.6 Released: Vulnerabilities Fix!
Thank You for this ultra-fast response & solution!
Re: Formbuiler 0.8.1.6 Released: Vulnerabilities Fix!
Thank you Jo Morg!