We have released a security patch for 5.0.4 that fixes the following security issues along with some critical bugs reported by the community. More details can be found in the release notes VtigerCRM 5.0.4 SecurityPatch_ReleaseNotes.
Security Issues:-
1. Local File Disclosure
2. Cross-Site Scripting
3. SQL Injection Vulnerability
4. Arbitrary File Upload
Trac Tickets:-
#5235: Patch Apply: Timeout settings need change
#5255: Cannot import more than 500 records
#5307: Campaign Related info getting lost
#5298: File attachment download gets corrupted
#5294: Organization image upload issue
#5231: Webmail qualify issue
#5268: Homepage dashboard link showing incorrect data in list view
#4847: Problem in selecting users/groups/profiles from the roles and groups edit view
#5393: Not able to delete default profiles/roles/users
We thank the vtiger community for their support in detecting the issues and helping us resolve them. Special thanks to Mark Piper, Fabian Fingerele, and Different Solutions.
Patch Download:
The 5.0.4 Security patch download is available here: [VtigerCRM5.0.4_SecurityPatch]
NOTE: You will need to unpack the zip into your vtiger CRM folder. We recommend that you take a backup of your directory before you unpack the patch.
Regards,
Asha
Vtiger Team