github alfio-event/alf.io 2.0-M4-2301
Alf.io 2.0-M4-2301

latest releases: 2.0-M5, 2.0-M4-2407, 2.0-M4-2402-3...
22 months ago

Alf.io 2.0-M4-2301 (2023-01-14)

Security fixes

  • CVE-2023-0300 (low severity) - Self-inflicted XSS
  • CVE-2023-0301 (low severity) - Prevent organizers to insert dangerous link within their event description

please note that both security fixes are related to the Backoffice application. The "public" application was not impacted.

thanks to @huntr-helper contributors!

Improvements

Bug fixed

  • Cannot search reservation by invoice number #1090
  • Remove button should not be displayed for checked-in tickets #1093
  • Various errors when selecting / deselecting the payment method #1100
  • Error on "Confirmed" items on the Additional services page #1108
  • Stripe API not working as expected #1159 (thanks to @icougil for reporting it and for helping us debugging it)

Don't miss a new alf.io release

NewReleases is sending notifications on new releases.