mendelson OFTP2 2020 b272 released

min read
A- A+
mendelson OFTP2

Directory traversal vulnerability, Partner delete

  • Added an additional check on the content of SFID.SFIDDATE and SFID.SFIDTIME to prevent invalid content that allowed to write files somewhere in the file system. If the content is not numeric the system will now answer with a SFNA.SFNAREAS=99
  • Regression: It was impossible to delete a partner if it had a postprocessing event assigned. If you don't want to update you could just keep the partner and rename him to a new one if your require additional parters.