Checkbox Server 2016 Q4 Security Update Release #2


In order to increase the security of the application, Checkbox will be releasing security updates throughout the lifespan of 2016 Q4. You can find changes that are issued in these minor updates below.

Security Update 1
Released 12/30/2016

  • Resolved an issue that prevented slider items with images from loading the images on mobile devices
  • Resolved an issue preventing the forcenew=true param from being applied to custom survey URL test links
  • Added preview image for the rating item
  • Report items with “include options without answers” should now display all options as expected
  • Moved font awesome references to the local application to prevent insecure content warnings when using HTTPs

Security Update 2
Released 1/19/2017

  • Resolved possible directory traversal vulnerability
  • Resolved an issue which prevented the saving of matrix column widths
  • Resolved XSS vulnerability related to specific types of matrix items
  • Resolved potential open redirection vulnerability on login page

You can find more information about these updates, other security updates for 2016 Q4, as well as information on how to apply the updates here


Have more questions? Submit a request


Article is closed for comments.