webtrees 2.1.17
25 July 2023
webtrees version 2.1.17 is now available.
Upgrading to webtrees 2.1.17
You can upgrade to (or install) webtrees 2.1.17 using any of Installatron's products. Use Installatron's optional Automatic Update feature to apply webtrees updates automatically as new versions are released, or use Installatron's Clone feature to duplicate an existing webtrees install and test the 2.1.17 upgrade before applying it live.
What's New in webtrees 2.1.17
Security
- Uploaded SVG files can contain JavaScript.
- Uploaded HTML files can contain JavaScript.
- XSS vulnerability in add note/source modal dialog.
- No validation on redirect URL after completing various actions.
- No rate limit for password reset, registration and contact forms.
- An admin can delete core files from the /data folder.
- XSS vulnerability in tree titles in control panel.
- User credentials are echoed in the URL when the registration form has errors.
- The password reset form allows you to determine if a user account exists.