changelog
Differences
This shows you the differences between two versions of the page.
Both sides previous revisionPrevious revision | |||
changelog [2023/03/16 12:17] – marco | changelog [2023/11/04 06:10] (current) – marco | ||
---|---|---|---|
Line 4: | Line 4: | ||
< | < | ||
+ | 3.0.6 (03/ | ||
+ | ====================== | ||
+ | -when using a remote server smtp.gmail.com suggest to create an app password | ||
+ | -if email in structure data has a public provider suggest to use their remote server | ||
+ | -don't pass anymore unregistered _REQUEST variables (register globals off) | ||
+ | -when changing reservation client, possibility to replace him also in payments made | ||
+ | -added " | ||
+ | -new privilege for normal users to change their password | ||
+ | -updated Italian document ROSS1000 to use residence data from main guest if missing | ||
+ | -insert from modification page a copy of the reservation(s), | ||
+ | -fixed bugs: XSS vulnerabilities (CVE-2023-43375) (CVE-2023-43376) (CVE-2023-43377) | ||
+ | -fixed bug: possible SQL injection in personalizza.php (CVE-2023-43374) | ||
+ | -fixed bug: possible SQL injection in interconnessioni.php (CVE-2023-43373) | ||
+ | -customization of upper/lower case format in names, surnames, nations, etc. | ||
+ | -don't upload files in documents table if user can't modify any document, no html | ||
+ | | ||
+ | -global privilege to don't allow users to modify documents in html format | ||
+ | -fixed bug: avoid cross site scripting in errors from database (CVE-2023-47164) | ||
+ | -fixed bug: custom comments deleted when inserting check-out and sometimes check-in | ||
+ | -fixed bug: remote code execution in backup from administrator user (CVE-2023-34854) | ||
+ | as disclosed by Glen Husman and Donovan Jasper | ||
+ | -fixed bugs: some cross site scripting vulnerabilities in backend (CVE-2023-34537) | ||
+ | -fixed bug: SQL injection in creaprezzi.php (CVE-2023-33817) (CVE-2023-43371) | ||
+ | -fixed bug: sometimes extra bed not added when searching availability from main menu | ||
+ | -fixed bug: possible SQL injection from administrator user in privilegi_utente.php | ||
+ | -fixed bug: identity document type not inserted in clients data | ||
+ | -fixed bug: wrong update of api documents from 3.0.4 | ||
+ | |||
+ | |||
3.0.5 (16/ | 3.0.5 (16/ | ||
====================== | ====================== | ||
-in rules 1 table show rates in natural order | -in rules 1 table show rates in natural order | ||
-insert deposits and commissions for "all rates" or all rates with existing value | -insert deposits and commissions for "all rates" or all rates with existing value | ||
- | -translate | + | -encode |
-optional " | -optional " | ||
-optional " | -optional " |
changelog.txt · Last modified: 2023/11/04 06:10 by marco