Legend: !important +added -removed ~changed #fixed
Info: access to the beta versions and pre-releases are reserved to users with a valid pro subscription.
iCagenda™ is distributed under the terms of the GNU General Public License version 3 or later; see LICENSE.txt.
iCagenda 3.7.14 (2020.04.26) Security & Bug Fix Release
-
#
[SECURITY][LOW] Exploit type: Blind SQLi
- Severity: Low
- Versions: 3.6.0 through 3.7.13
- Description: The lack of type casting of a variable in SQL statement leads to a SQL injection vulnerability in the events list view.
-
+
Added : Search in custom fields value with the frontend global search field.
-
#
[LOW] Fixed : Missing custom cancellation label in detailled view of event.
-
#
[LOW] Fixed : Showon display of custom label options (should be hidden if default label).
-
#
[LOW] Fixed : Removed not used asset_id.
Changed files in 3.7.14
-
~
admin/access.xml
-
~
admin/models/forms/event.xml
-
~
admin/sql/install/mysql/icagenda.install.sql
-
~
admin/utilities/event/event.php
-
~
admin/utilities/events/data.php
-
~
site/models/submit.php
-
~
site/models/forms/submit.xml
-
~
site/views/list/tmpl/default_filters.php
