Znuny 7.0.17

Znuny 7.0.17#

Release Information:

Release Date

17-APR-2024

Release Type

Patchlevel with security fixes

Download

https://download.znuny.org/releases/znuny-7.0.17.tar.gz

GitHub

znuny/Znuny

Security Vulnerabilities Fixed#

  • Fixed security issue with JavaScript in body of article being executed in customer ticket zoom (CVE-2024-32492). Thanks to Martino Spagnuolo for reporting the issue.

  • Fixed security issue with uploaded files that could be used for remote code execution (CVE-2024-32491). Thanks to Martino Spagnuolo for reporting and providing the fix.

  • Fixed SQL injection issue when using the draft functionality (CVE-2024-32493). Thanks to Martino Spagnuolo for reporting the issue.

Fixed Issues#

  • Fixed session handling when saving user preferences.

  • Fixed usage of multiple database objects in customer and customer user database backend. (#540)

Read about all changes in the CHANGES.md. See the commits on GitHub for a list of all changes.

Contents