Today we received an email from the CYBSEC S.A company that they discovered 2 vulnerabilities in Achievo 1.4.2 and below. The first one was about an XSS that people could enter javascript in a scheduler category. And the second one was about the document manager. This module didn't check the files that where upload which made it possible to upload php files for example. Therefore we updated the document manager and added a new config (docmanager_allowedfiletypes) for it in /configs/docmanager.php.inc. With this config you can tell the docmanager what type of files a user can upload. Both problems are now fixed in Achievo 1.4.3 this means that we have a new release 6 hours after they where reported, which is a new record

For a full list of resolved issues, you can visit: http://www.achievo.org/download/releasenotes/1_4_3.

Sandy

I'm pleased to announce the immediate availability of the 1.4.2 release. This release is the second maintenance release in the 1.4 series, and includes 2 bugfixes, a language update and a new config for turning on the ages in the scheduler birthday view. Many thanks to all the contributors who helped with this release, including translators and reporters.

For a full list of resolved issues, you can visit: http://www.achievo.org/download/releasenotes/1_4_2.

Sandy

I'm pleased to announce the immediate availability of the 1.4.1 release. This release is the first maintenance release in the 1.4 series, and includes 5 bugfixes and 2 language updates. Many thanks to all the contributors who helped with this release, including translators and reporters.

For a full list of resolved issues, you can visit: http://www.achievo.org/download/releasenotes/1_4_1.

Sandy

Two weeks after the release candidate we can now present you a new stable release. One of the new problems we had is that many people where switching to PHP 5.3, while the last stable version didn't run correctly this version will run without problems. And other often heard problem on the forum was the speed of Achievo. In this release we make a lot of optimizations which resulted in a 50% performance for some parts in Achievo. This release also fixed multiple security vulnerabilities, so please upgrade as soon as possible.

For a list of changes and other important information about this release, or to download it, see the release-notes.

Sandy

After more then 1 year we are proud to announce the first release candidate for Achievo 1.4.
For a list of changes and other important information about this release, or to download it, see the release-notes.

Some people will wonder what we did in the mean while, well we worked on Achievo 2.0, but it's still far from release ready. I will try to setup a demo version soon so you all can see what Achievo 2.0 will become. To give you some hints, in Achievo 2.0 you can expect a complete rewrite of the time registration and the project modules. Soon more.....


Sandy