Support Forum

Every time that you post a problem, PLEASE add the Joomla and the extension's versions and revisions (for example: Joomla 3.3.6, Contact Enhanced 3.3.5), PHP version and Server's Operating System. If you only manage only one site it is easier if you edit your profile and just add that information to your signature. Don't forget to add a detailed description of the problem. If possible, write down all steps to simulate the problem.

Before submitting a new post, PLEASE make sure you are running the latest version, test in different browsers (IE, FF, Chrome,..) and clear Joomla and browser's cache after every change you make.

Also, most questions are already answered in our FAQ and in iFAQ and Contact Enhanced documentation pages.

× Contact Enhanced is a contact component manager created to replace Joomla! core contacts component and add lots of advantages and new features (see Features ) and it offers many plugins and modules for several different purposes,
Product page | Documentation Page

Contact Enhanced includes jquery.fileupload version: 5.37.0 which is not secure

1 week 6 days ago #25146 by dseger
To IdealExtensions:

We use Sucuri to scan our Joomla site for vulnerabilities. It recently identified an outdated jquery file in Contact Enhanced. The file is located at ...components/com_contactenhanced/assets/jquery.fileupload/js/jquery.fileupload.js. If you view that file you will see that it is version 5.37.0 and released back in 2010. Sebastian Tschan (blueimp) has much newer and much more secure releases at github.com/blueimp/jQuery-File-Upload/releases

There may be other very outdated 3rd party files that IdealExtensions should update. This one should be considered a high priority since it is a file upload library and file uploads are targets for 'bad guys'.

We are running latest CE version (as of this writing) on Joomla 3.9.8

Please let me know if you plan to update this js script soon.

Please Log in or Create an account to join the conversation.

1 week 5 days ago - 1 week 5 days ago #25147 by support
Greetings,

Even though jQuery-File-Upload JS files was outdated, Contact Enhanced was using one of the latest versions of the PHP file, used for the server side upload, where the security vulnerabilities were located. Also, Contact Enhanced does not use "Iframe Transport" feature.

Anyway, in order to avoid the Sucuri false positive, I've updated the entire jQuery-File-Upload Plugin in the source code and implemented all required changes to the Multiple Files Upload Form Field in order to reflect the latest JS Plugin changes.

I'll create a new package either today or tomorrow.

PS: Your site/forum username was your email address but I've renamed it to dseger in order to avoid email harvesting...

Best regards,

Please Log in or Create an account to join the conversation.

1 week 5 days ago #25151 by dseger
Thank you Douglas for your quick action. I like your products. We will update when the next release is available.
Dennis

Please Log in or Create an account to join the conversation.

1 week 5 days ago #25153 by support
Dear Dennis,

I'm glad you like our products. ;-)

I've released a new version last night. It should be available from Joomla Extensions » Manage » Update.

Best wishes,

Please Log in or Create an account to join the conversation.

Powered by Kunena Forum

Copyright © 2018 IdealExtensions.com. All Rights Reserved.

This site is not affiliated with or endorsed by the Joomla!™ Project. It is not supported or warranted by the Joomla!™ Project or Open Source Matters™. The Joomla!™ logo is used under a limited license granted by Open Source Matters™, the trademark holder in the United States and other countries.
We may collect your IP address and your browser's User Agent string while using our site for security reasons and deriving aggregate information (analytics). This information is retained for a minimum of 1 and a maximum of 24 months.
Feedback