Release Notes

What's new and what's fixed!

Carousel 7.4.4

February 11, 2019
  • Bug CSL-1683 | Security: Carousel API RenderingFetch Method is Vulnerable to Local File Inclusion (LFI) - Fixed a security issue where the RenderingFetch endpoint could access local files.
  • Bug CSL-2399 | Security: Malicious Files Can Be uploaded to the Server - Fixed a security issue where executable scripts could be uploaded to the server.
  • Bug CSL-2405 | Security: Change Admin PW on Install / Update - Implemented a workflow to force users to change the default password supplied during installation for security reasons.
  • Bug CSL-1957 | Change Default Password Hash Algorithm - Security enhancements.