To increase the security of the application, Checkbox will be releasing security updates throughout the lifespan of 2017 Q2. You can find changes that are issued in these minor updates below.
How to apply the updates:
Versions before 2017 Q2
If you have not already updated to 2017 Q2, then you need to take no additional action other than to follow the patch guide to 2017 Q2.
Currently on 2017 Q2
If you have already updated to 2017 Q2 before the date of the update’s release, then you can apply the update by overwriting all files in your installation except the web.config file and the config folder. Unlike patches, these security updates can be implemented without disabling HTTPs.
The security updates are built into 2017 Q2. To download them you can log into the customer support area, and re-download 2017 Q2 on the right-hand side.
If you are using the SDK / Developer edition please contact support for assistance in applying security updates.
If you have any questions about this, please contact our support team. These security updates will also contain any minor bug fixes that can be included without the need for a full patch.
Checkbox Online receives all security updates automatically.
Security Update 1
Released on 7/13/2017
- Resolved a potential security vulnerability for respondents when using JWT authentication
- Resolved an issue preventing patching to 2017 Q2 without an internet connection
- Resolved an issue preventing the SPSS Key from including Open Ended Questions
- Removed several leftover “Beta” phrases
- Resolved an issue preventing the Single Line Item – Date Format calendar popup from closing after a date has been selected
- [Web Services] Resolved an issue with ResponseDataService.ExportResponseTabular that could prevent answers from being exported for edited responses
Security Update 2
Released on 8/15/2017
- Resolved an issue where patching could lose style templates assigned to Email Response items
- Resolved an issue related to CSV exports when running on a web farm/load balanced environment
- UpdatedInvitation API method has been updated to return an error when no company profile has been set up
- Resolved an issue preventing the Matrix Sum Total item from validating the total when the item is not marked as required
- Resolved an issue with Single Line Text Item with alpha numeric validation would not allow alphanumeric characters outside of the English language
- Resolved a performance issue when exporting text for a survey