Convert Forms 2.0.4 security release

  • Published in Blog by Tassos Marinos on Thursday, 12 April 2018

Convert Forms 2.0.4 security release

This is a security release which addresses a vulnerability reported by one of our users (Paladion Networks Pvt. Ltd) that could be exploited through the Leads exported CSV file opened with Excel or any other similar programs.

The solution implemented to secure the CSV file is to prefix the row values starting with =, +, - or @ with a tab character. In case though, you're trying to use the CSV file in an app that doesn't automatically strip the tab characters, you can turn this option off in the component's configuration page.

Read more information here: https://vel.joomla.org/articles/2140-introducing-csv-injection

Changelog

  • Adds new option to secure exported files for Excel, OpenOffice, LibreOffice
  • Fixes bug in the MailChimp Integration passing an invalid value when using the Terms of Service field
Download the Update