Be sure to check our Hotfix instructions before starting the hotfix process.It might save you some trouble afterwards.
Fixed bugs:
Fixed bugs:
- Security (Important) - Stored XSS in Checkbox form component - The Checkbox component in form builder was vulnerable to Cross-Site-Scripting attack (XSS). To eliminate this vulnerability, support for HTML in Checkbox component was removed.
- Security (Important) - Stored XSS in avatar upload feature - This vulnerability was caused by the file uploader that did not check the configuration of allowed extensions which could potentially lead to Cross-Site-Scripting attack (XSS). We fixed this issue by adding a check for extension of uploaded file, which effectively eliminated possibility of XSS.