Znuny 7.0.17
von Michael Rütten
Changes:
- 2024-04-10 Fixed mixed usage of database objects in customer and customer user database backend. #540
- 2024-04-09 Fixed session handling while saving user preferences.
- 2024-04-08 CVE-2024-32492: Fixed security issue with JavaScript in body of article being executed in customer ticket zoom. Thanks to Martino Spagnuolo for reporting this issue.
- 2024-04-05 CVE-2024-32493: Fixed SQL injection issue regarding Form IDs when cleaning up drafts. Thanks to Martino Spagnuolo for reporting the issue.
- 2024-04-05 CVE-2024-32491: Fixed security issue with uploading files that could be placed to any writable location and used for remote code execution. Thanks to Martino Spagnuolo for reporting and providing the fix.