This week was quite busy with a lot security fixes. At the beginning of the week 5 security vulnerabilities were reported and I spent most of Monday and Tuesday doing fixes, porting them to other branches, preparing security advisories and communicating with reporter, security team and CVE team.
Following are the list of security vulnerabilities fixed.
#4594 Path Traversal in File Inclusion of GIS Factory
#4595 Path Traversal can lead to leakage of line count
#4596 XSS through exception stack
#4597 XSS through pma_fontsize cookie
#4598 XSS in multi submit
During the week I was also engaged in usual bug fixing and following bug fixes are now ready to be released with the next release.
#4057 db/table query string parameters no longer work
#4444 No insert statement produced in SQL export for queries with alias
#4591 Spinner in navigation running forever
#4599 Input field is erased after keyboard language switch
#4602 Exporting selected rows export all rows of the query
#4603 Field disabled when internal relations used
Additionally, I also attended to the following bugs.
#4254 Unable to log in after timeout had been exceeded (cookie)
#4008 Unable to log back in after session expired
#3773 No tables shown because of privileges of views
#4367 Import status infinite loop
#4295 Problem when session expires while importing file
Towards the end of the week, I had a look at the token mismatch issue that were reported to us several time. I will update you on the progress of this in the next post.