Skip to content
Permalink
Browse files Browse the repository at this point in the history
Release 3.17.14+190902
  • Loading branch information
lacrioque committed Sep 2, 2019
1 parent 32d6a52 commit 5870fd1
Show file tree
Hide file tree
Showing 2 changed files with 42 additions and 2 deletions.
4 changes: 2 additions & 2 deletions application/config/version.php
Expand Up @@ -12,9 +12,9 @@
*/


$config['versionnumber'] = '3.17.13';
$config['versionnumber'] = '3.17.14';
$config['dbversionnumber'] = 359;
$config['buildnumber'] = '';
$config['updatable'] = true;
$config['assetsversionnumber'] = '30095';
$config['assetsversionnumber'] = '30096';
return $config;
40 changes: 40 additions & 0 deletions docs/release_notes.txt
Expand Up @@ -34,6 +34,46 @@ Thank you to everyone who helped with this new release!

CHANGE LOG
------------------------------------------------------
Changes from 3.17.13 (build 190824) to 3.17.14 (build 190902) September 2, 2019
-Fixed issue: setting "Show header in answers export PDFs" not taken in account (LouisGac)
-Fixed issue: [security]XSS in admin box buttons - kindly reported by Pavol Michalec & Frederik Koľbík (Carsten Schmitz)
-Fixed issue: [security]XML breakout possible on export - kindly reported by Pavol Michalec & Frederik Koľbík (Carsten Schmitz)
-Fixed issue: [security]X-Frame-Options SAMEORIGIN not set by default - kindly reported by Pavol Michalec & Frederik Koľbík (Carsten Schmitz)
-Fixed issue: [security]User unaware that SSL encryption should be enforced (Carsten Schmitz)
-Fixed issue: [security]Path revelation (Carsten Schmitz)
-Fixed issue: [security]LDAP login non-generic login message - kindly reported by Pavol Michalec & Frederik Koľbík (Carsten Schmitz)
-Fixed issue: [security]LDAP login non-generic login message - kindly reported by Pavol Michalec & Frederik Koľbík (Carsten Schmitz)
-Fixed issue: [security]Equation signs are not masked by default on data export (Carsten Schmitz)
-Fixed issue: [security]Equation signs are not masked by default on data export (Carsten Schmitz)
-Fixed issue: [security]CSRF cookie missing HTTP only parameter- kindly reported by Pavol Michalec & Frederik Koľbík (Carsten Schmitz)
-Fixed issue: [security]Admin user without permissions can still see plugins page - kindly reported by Pavol Michalec & Frederik Koľbík (Carsten Schmitz)
-Fixed issue: [security]Admin user with settings permissions can can run integrity check - kindly reported by Pavol Michalec & Frederik Koľbík (Carsten Schmitz)
-Fixed issue: [security]Admin user with limited permissions can view/update/delete reserved menu entries (Carsten Schmitz)
-Fixed issue: [security]Admin user can mark other user notification as read (Carsten Schmitz)
-Fixed issue: [security] Database backup uses browser cache (Carsten Schmitz)
-Fixed issue: [security] Browser cache used for exports (Carsten Schmitz)
-Fixed issue: [security] #15204: Stored XSS vulnerabilities - Thanks to J. Greil from the SEC Consult Vulnerability Lab (https://www.sec-consult.com) (Denis Chenu)
-Fixed issue: [security] #15204: Reflected XSS vulnerabilities - thanks to J. Greil from the SEC Consult Vulnerability Lab (Denis Chenu)
-Fixed issue: Survey upload self-reflecting XSS (Carsten Schmitz)
-Fixed issue: Sidebar not working on IE11 (lacrioque)
-Fixed issue: Memory issues if too many responses exist for the same token in a non-anonymous survey (Carsten Schmitz)
-Fixed issue: Memory issues if too many responses exist for the same token in a non-anonymous survey (Carsten Schmitz)
-Fixed issue: LsTutorial only working in debug mode (lacrioque)
-Fixed issue: Language not updated on import and overwrite in CPDB (lacrioque)
-Fixed issue: JS error in firstStartTour onShow code (#1315) (Martin Unkel)
-Fixed issue: After survey activation the ExpressionManager cache was not updated (Carsten Schmitz)
-Fixed issue #15212: Survey navigation shows message "Please use the survey navigation buttons...[]" instead of navigating (Carsten Schmitz)
-Fixed issue #15209: 500 error when try to save long administrator name (Denis Chenu)
-Fixed issue #15208: MSSQL error on 2nd page of theme (Denis Chenu)
-Fixed issue #15199: MSSQL : date/time question are not reloaded properly (Denis Chenu)
-Fixed issue #15197: Submitting empty menu entry crashes application ( Application Denial of Service) (lacrioque)
-Fixed issue #15194: Unable to remove page title from PDF generated at "print answers" screen (LouisGac)
-Fixed issue #15192: entering html code inside the answeroptions for List type questions will break/alter the html for editing answers (Patrick Teichmann)
-Fixed issue #15188: Access Label sets list (lacrioque)
-Fixed issue #14863: Extending core theme using the same core theme name (Eddy Lackmann)
-Fixed issue #10168: Commit test! Ignore (Carsten Schmitz)

This comment has been minimized.

Copy link
@Shnoulle

Shnoulle Sep 2, 2019

Collaborator

:D

-New translation: Filipino (Carsten Schmitz)

Changes from 3.17.12 (build 190823) to 3.17.13 (build 190824) August 24, 2019
-Fixed issue #15185: Surveys with less or more then 4-6 digits will not display the sidepanel (Patrick Teichmann)

Expand Down

0 comments on commit 5870fd1

Please sign in to comment.