DaDaBIK logo

Blog

The new DaDaBIK 7.3 is out, an important vulnerability fixed

Dear all,
DaDaBIK 7.3 is out. This release fixes some bugs and add a few new minor features.

In particular, it contains a fix for an important SQL injection vulnerability which allowed an authenticated attacker to see unauthorized data, even coming from a different database. It is very important for you to read all the details in the changelog. The fix for this vulnerability is also available as a separate patch here.


In the changelog you will also find the other bugs fixed and the new features, including the possibility to change the language on the fly and an improved installation procedure ( meaningful error messages, $site_url and $site_path not required anymore, ...).


As usual, if you are in your free upgrade timeframe (1 year for DaDaBIK Enterprise, 6 months for DaDaBIK PRO), you can request your free copy from the upgrade page. The upgrade process has been redesigned, you can now download the new new version by yourself, without waiting for an email.



If you have a DaDaBIK ENTERPRISE license and you are out of your free upgrade timeframe, you can also get DaDaBIK 7.3 by purchasing a maintenance license (€65), which also provides you with an additional year of free upgrade (email support@dadabik.org to get the instructions).



Finally, DaDaBIK 8 is still under heavy development and the DaDaBIK 8 Desiderata document is still available for you to vote for the next features to implement and propose additional features. Please take a few minutes to add your contribute.


Best,

Eugenio Tacchini
DaDaBIK founder