Patch #5 Released for V2.4.1 to fix a few Critical Issues

Saturday, April 22, 2017 Tags: patch, release, bugs

Hot on the heals of patch #4, this patch fixes a two critical issues in the v2.4.1 patch #4 release (and prior) which may cause some modules with odd source names to disappear such as those added to the flyout sidebars. It also fixes a possible XSS exploit in elFinder (thanks to chengable) We strongly encourage all Exponent installations be upgraded to v2.4.1 as soon as practical! Patch #5 to v2.4.1 is found at 

v241patch5 adds these features to v241:

  • change default password security to blowfish vs md5
  • allow specifying events send_reminders view in url
  • add jquery/bootstrap-3 based toggle widget

v241patch5 fixes these issues in v241:

  • regression fix (v240) invalidating valid source names made some modules disappear
  • fix styling issue with bs3 form designer 'Toggle Designer Grid'
  • regression fix with links showall view links if the open new window option was selected
  • fix possible xss security issue with elFinder (thanks to chengable)
  • fix new socialfeed notes view photos on firefox and opera

v241patch5 updates these 3rd party libraries in v241:

  • mediaelement.js to v4.0.6