Last active
July 18, 2017 13:03
RedCap Release Notes | CVE Reqm
ChangeLog: Standard Release
Version 7.5.1 - (released 7/12/2017)
BUG FIXES & OTHER CHANGES:
Medium security fix: A cross-site scripting vulnerability was found that could be exploited by a malicious user by manipulating the query string of an HTTP request or REDCap link.
Medium security fix: A cross-site scripting vulnerability was found that could be exploited by a malicious user by manipulating text strings input into conversation titles or messages in REDCap Messenger.
Major bug fix: On certain occasions, the cron job that schedules Automated Survey Invitations containing conditional logic using datediff() with "today" as a parameter might mistakenly remove survey invitations that have been scheduled for another project. This would result in random survey participants not receiving their invitations. This issue occurs very seldom.
Minor security fix: A couple functions (e.g., deleting files in the File Repository or on File Upload fields) were mistakenly not being protected from Cross-site Request Forgery (CSRF) attacks by potential malicious users.