In order to increase the security of the application, Checkbox will be releasing security updates throughout the lifespan of 2016 Q4. You can find changes that are issued in these minor updates below.
How to apply the updates:
Versions prior to 2016 Q4
If you have not already updated to 2016 Q4 then you need to take no additional action other than to follow the patch guide to 2016 Q4.
Currently on 2016 Q4
If you have already updated to 2016 Q4 prior to the date of the update’s release then you can apply the update by overwriting all files in your installation except the web.config file and the config folder. Unlike patches, these security updates can be applied without disabling HTTPs.
The security updates are built into 2016 Q4. To download them you can log into the customer support area, and re-download 2016 Q4 on the right-hand side.
If you are using the SDK / Developer edition please contact support for assistance in applying security updates.
If you have any questions about this please contact our support team. These security updates will also contain any minor bug fixes that can be included without the need for a full patch.
Checkbox Online receives all security updates automatically.
Security Update 1
- Resolved an issue that prevented slider items with images from loading the images on mobile devices
- Resolved an issue preventing the forcenew=true param from being applied to custom survey URL test links
- Added preview image for the rating item
- Report items with “include options without answers” should now display all options as expected
- Moved font awesome references to the local application to prevent insecure content warnings when using HTTPs
Security Update 2
- Resolved possible directory traversal vulnerability
- Resolved an issue which prevented the saving of matrix column widths
- Resolved XSS vulnerability related to specific types of matrix items
- Resolved potential open redirection vulnerability on login page
Security Update 3
- Forced HTTPs for all Checkbox Online accounts
- Resolved condition issues related to current score of the survey
- Resolved issue where total score would not be exported with “Detailed Scoring Info” selected
- Resolved issues with Other options for Radio, Checkbox, and Drop down items
- Resolved issues where “Invitee” would not be piped into a survey
- Resolved potential security vulnerability in the ResponseDataService.ExportResponseTabular() method
Security Update 4
- Resolved an issue which prevented UserManagementService.GetUsers() from not sorting by Email
- Resolved an issue where conditions based on current score would prevent required items from being required
- Resolved an issue with setting the width of Single Line text items with answer types (numeric, date, etc.)
- Resolved an issue with empty responses not appearing in response exports
- Resolved a compatibility issue with .NET 4.6, Firefox, and exporting files from Checkbox