Home  ->  Achievo Blog
Blog

Monday, September 27. 2010

Achievo 1.4.5 - Security Bugfix release

Again we received an email from the CYBSEC S.A company that they discovered 2 vulnerabilities in Achievo 1.4.4 and below. The first one was an authorization flaw in the Time registration module, that made it possible to delete/add records of other users. The second one was a CSRF in ATK how it handles the validation of the actions. Both problems are fixed in Achievo 1.4.5.

For a full list of resolved issues, you can visit: http://www.achievo.org/download/releasenotes/1_4_5.

Sandy
Posted by Sandy Pleyte in Release at 22:09 | Comments (0) | Trackbacks (0)
Defined tags for this entry: ,
(Page 1 of 1, totaling 1 entries)

Calendar

Back September '10 Forward
Mon Tue Wed Thu Fri Sat Sun
    1 2 3 4 5
6 7 8 9 10 11 12
13 14 15 16 17 18 19
20 21 22 23 24 25 26
27 28 29 30      

Syndicate This Blog

Powered by

Serendipity PHP Weblog

Show tagged entries
sitemap | contact