1.16.3 (2019-01-18)
This is a bugfix release, which also includes some security fixes both in alf.io and its dependencies. Please update your instance
Security Fixes (alf.io):
We've found that there is a way for an user to open (and potentially download and use) a ticket belonging to someone else. Despite the process of obtaining this data requires a deep knowledge of the system, and the chances of getting a hold of said ticket are low, we advise everyone to update their instance.
Security Fixes (dependencies):
- Update Bootstrap version #562
Fixed bugs:
- VAT rounding can be wrong in some cases #576
Merged pull requests: