MachForm 22 Released. Security Update.
MachForm 22 is now available for download on Billing Area. This release brings important security updates and bug fixes. We STRONGLY encourage you to update your MachForm immediately.
Security Updates
- Remote Command Execution. We have addressed a potential vulnerability that could allow remote command execution under specific conditions.
- Cross-Site Scripting (XSS). We have resolved an issue related to cross-site scripting.
Technical Details
The technical details of these vulnerabilities will be published later in the CVE database. We will update this post with the corresponding CVE IDs once they are available.
(UPDATE) List of published CVE IDs:
Acknowledgments
We would like to extend our gratitude to Luca Bertaccini for his diligence and expertise in identifying these vulnerabilities.
PHP & MySQL Version Requirement
MachForm v22 requires the minimum version of PHP on your server to be at least PHP 7.4 and MySQL version at least MySQL 5.7. If you’re still using an older version, you’ll need to upgrade your PHP and/or MySQL version first.
How to Update
This update is FREE for all users with an active support contract.
As mentioned above, you can download it in the Billing Area.
Follow this upgrade instruction:
Upgrading MachForm Self-Hosted
MachForm Cloud Users
If you’re subscribed to any of our MachForm Cloud plans, no further action is required on your part. We automatically update the MachForm version for all our cloud users with the latest version.