Recently vTiger release version 7.2 related to major security updates. This was the long time demand from many users and community members. Thanks to entire vTiger team and supportive community members.
Following major updates to the vTiger version 7.2, available to sourceforge here.
1. Data Integrity Support Through Checkpermission api:
7.2 API Documentation:
- New API checkPermission() and requiresPermission() added to product.
Core api definition in includes/runtime/Controller.php
Privilege will be set for user to perform any actions via profile and sharing access.
- RequiresPermission holds the standard array of permissions to be verified for user to perform particular action.
- CheckPermission verifies the defined permission against User Privileges model. Only on thumbs up from checkpermission, respective action will be performed. This api is supported for all action and view files.
Click here to see more information on where new code has been added
Click here to see more information on where new code has been added.
Previously this was addressed in models level, which led to slip many test-cases. To make sure no compromise on Data integrity above specified api is been added to all view and action files.
2. File security through obscurity:
3. Barrier for SQL Injections through prepared queries:
- SQL Injection was a major issue with earlier release of vTiger, which has been addressed to the latest version 7.2 by adding more layer to MySQL queries as per the screens below.
4. Open security and performance issues have been addressed:
5. Fix for 60+ high priority issues on code.vtiger.com:
There are more than 60+ issues have been addressed and PR has been released with the updates of vTiger 7.2.
You can download Vtiger CRM 7.2.0 from here
Do You Need More Information ?