CHANGELOG
AvantFAX 3.4.1
- Fixes to CSRF and Cookie Session management
- Add support for hashing passwords using bcrypt
- Password handling improvements
- Upgrade to Smarty 3.1.x
- Small bug fixes
- Fixes for CVE-2025-1782 reported by Fabian Beskow
AvantFAX 3.4.0
- Parse unknown form variable using htmlspecialchars
- Fix decoding html entities in set_note.php
- Append timestamp to account credentials upon delete
- Use MDB2 driver for mysqli instead of mysql
- Updates for PHP 7
- Add CSRF token to forms
- Security fixes discovered by Harold Rodriguez at Cycura
  CVE-2023-23326: A Stored Cross-Site Scripting (XSS) vulnerability exists in AvantFAX 3.3.7.
  CVE-2023-23327: An Information Disclosure vulnerability exists in AvantFAX 3.3.7.
  CVE-2023-23328: A File Upload vulnerability exists in AvantFAX 3.3.7.
- Improve memory usage while pruning inbox and archive
AvantFAX 3.3.7
- Security patch for SQL injection in archive.php discovered by Johannes Segitz from SUSE Software Solutions Germany GmbH
- Fix Outbox display when fax priority is 0
AvantFAX 3.3.6
- Security patch for authenticated RCE discovered by Depth Security
  CVE information at ftp://ftp.ifax.com/security/CVE-2020-11766.html
AvantFAX 3.3.5
- Update Archive and System Logs pages to correctly show list of years to range in the archive (start date and end date)
AvantFAX 3.3.4
- rh-install.sh, sles-install.sh
  - update scripts to add PHP sizelimit settings in Apache VirtualHost file
- includes/langs/pt-PT.php
  - fix quotation mark problem
- includes/langs/si.php
  - Add Slovenian language by Jernej Praprotnik and Aleksandra Zupanc
- includes/FaxPDFArchive.php
  - fix search_archive method to check for page limit
- includes/FormRules.php
  - Update FormRules email address regex
- admin/users.php
  - Fix updating TSID for users
- admin/index.php, index.php, AFUserAccount.php
  - Remove login_webauth method
AvantFAX 3.3.3
- includes/avantfaxcron.php
  - bug fixed to remove temporary files by modification time rather than access time
- includes/langs/pt-PT.php
  - Portuguese language added by Carlos Monteiro
- includes/faxcover.php
  - Fix sender's name lookup
