Security Updates for Visforms - 2.1.2 and 3.1.2 released
This morning we received a message, that there is the potential possibility to see stored user inputs, submitted with Visforms, in frontend, even if you do not want to publish them, if you have choosen the wrong configuration settings for your forms and fields . As a result, we have already released a new version of Visforms. Default settings are now set up in a way that no unauthoriesed display of data will be possible. The settings will effect each form and field which you create after the update.
Please make also sure, that you have set up the forms you, which have already created with previous versions of Visforms, in a way that prevents unauthorised display of data, if you do not want to display user inputs by using the frontend data view:
- Set the form option 'autopublish data' to 'no'
- Go to the administration data view of each form and set each record set to 'unpublished'.
As a consequence of the changed default settings it is now neccessary to actively change forms and fields configurations, if you want to publish user inputs in frontend. Please read Save results and use stored data in the documentation.
The update is available through Joomla! auto upater and in the download section of our website.
As the support for Joomla! 2.5 will stop on December, 31. 2014, we will release no further updates for Visforms for Joomla! 2.5 as well.