HotelDruid Wiki

User Tools

Site Tools

Trace:
changelog

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
changelog [2023/03/16 12:17] marcochangelog [2023/11/04 06:10] (current) marco
Line 4: Line 4:
  
 <file> <file>
 +3.0.6 (03/11/2023)
 +======================
 +-when using a remote server smtp.gmail.com suggest to create an app password
 +-if email in structure data has a public provider suggest to use their remote server
 +-don't pass anymore unregistered _REQUEST variables (register globals off)
 +-when changing reservation client, possibility to replace him also in payments made
 +-added "doesn't contain" to "if" comparisons in document conditions
 +-new privilege for normal users to change their password
 +-updated Italian document ROSS1000 to use residence data from main guest if missing
 +-insert from modification page a copy of the reservation(s), also for deleted ones
 +-fixed bugs: XSS vulnerabilities (CVE-2023-43375) (CVE-2023-43376) (CVE-2023-43377)
 +-fixed bug: possible SQL injection in personalizza.php (CVE-2023-43374)
 +-fixed bug: possible SQL injection in interconnessioni.php (CVE-2023-43373)
 +-customization of upper/lower case format in names, surnames, nations, etc.
 +-don't upload files in documents table if user can't modify any document, no html
 + suffix if he can't mofify html documents (CVE-2022-45592)
 +-global privilege to don't allow users to modify documents in html format
 +-fixed bug: avoid cross site scripting in errors from database (CVE-2023-47164)
 +-fixed bug: custom comments deleted when inserting check-out and sometimes check-in
 +-fixed bug: remote code execution in backup from administrator user (CVE-2023-34854)
 + as disclosed by Glen Husman and Donovan Jasper
 +-fixed bugs: some cross site scripting vulnerabilities in backend (CVE-2023-34537)
 +-fixed bug: SQL injection in creaprezzi.php (CVE-2023-33817) (CVE-2023-43371)
 +-fixed bug: sometimes extra bed not added when searching availability from main menu
 +-fixed bug: possible SQL injection from administrator user in privilegi_utente.php
 +-fixed bug: identity document type not inserted in clients data
 +-fixed bug: wrong update of api documents from 3.0.4
 +
 +
 3.0.5 (16/03/2023) 3.0.5 (16/03/2023)
 ====================== ======================
 -in rules 1 table show rates in natural order -in rules 1 table show rates in natural order
 -insert deposits and commissions for "all rates" or all rates with existing value -insert deposits and commissions for "all rates" or all rates with existing value
--translate html special characters in predefined variables in HTML documents (CVE)+-encode html characters in predefined variables in HTML documents (CVE-2023-29839)
 -optional "transaction date" for reservations and cashbox payments -optional "transaction date" for reservations and cashbox payments
 -optional "notes" when inserting reservation payments -optional "notes" when inserting reservation payments
changelog.1678969033.txt.gz · Last modified: 2023/03/16 12:17 by marco