CHANGELOG

AvantFAX 3.4.1
- Fixes to CSRF and Cookie Session management
- Add support for hashing passwords using bcrypt
- Password handling improvements
- Upgrade to Smarty 3.1.x
- Small bug fixes
- Fixes for CVE-2025-1782 reported by Fabian Beskow


AvantFAX 3.4.0
- Parse unknown form variable using htmlspecialchars
- Fix decoding html entities in set_note.php
- Append timestamp to account credentials upon delete
- Use MDB2 driver for mysqli instead of mysql
- Updates for PHP 7
- Add CSRF token to forms
- Security fixes discovered by Harold Rodriguez at Cycura
        - CVE-2023-23326: A Stored Cross-Site Scripting (XSS) vulnerability exists in AvantFAX 3.3.7.
        - CVE-2023-23327: An Information Disclosure vulnerability exists in AvantFAX 3.3.7.
        - CVE-2023-23328: A File Upload vulnerability exists in AvantFAX 3.3.7.
- Improve memory usage while pruning inbox and archive

AvantFAX 3.3.7
- Security patch for SQL injection in archive.php discovered by Johannes Segitz from SUSE Software Solutions Germany GmbH
- Fix Outbox display when fax priority is 0

AvantFAX 3.3.6
- Security patch for authenticated RCE discovered by Depth Security
        - CVE information at ftp://ftp.ifax.com/security/CVE-2020-11766.html

AvantFAX 3.3.5
- Update Archive and System Logs pages to correctly show the list of years spanned by the archive (start date and end date)

AvantFAX 3.3.4
- rh-install.sh, sles-install.sh
        - update scripts to add PHP sizelimit settings in Apache VirtualHost file
- includes/langs/pt-PT.php
        - fix quotation mark problem
- includes/langs/si.php
        - Add Slovenian language by Jernej Praprotnik and Aleksandra Zupanc
- includes/FaxPDFArchive.php
        - fix search_archive method to check for page limit
- includes/FormRules.php
        - Update FormRules email address regex
- admin/users.php
        - Fix updating TSID for users
- admin/index.php, index.php, AFUserAccount.php
        - Remove login_webauth method


AvantFAX 3.3.3
- includes/avantfaxcron.php
        - Fix removal of temporary files to use modification time rather than access time
- includes/langs/pt-PT.php
        - Portuguese language added by Carlos Monteiro
- includes/faxcover.php
        - Fix sender's name lookup


