A security update for version 2017 Q2 has been applied for Checkbox Online (hosted) customers and is now available for Checkbox Server (on-premises) customers.
If you have any questions about the update, please contact our support team. These security updates will also contain any minor bug fixes that can be included without the need for a full patch.
How to apply the update (Server customers only):
Versions before 2017 Q2
If you have not already updated to 2017 Q2, then you need to take no additional action other than to follow the patch guide to 2017 Q2.
Currently on 2017 Q2
If you have already updated to 2017 Q2 before the date of the update’s release, then you can apply the update by overwriting all files in your installation except the web.config file and the config folder. Unlike patches, these security updates can be implemented without disabling HTTPs.
The security updates are built into 2017 Q2. To download them you can log into the customer support area, and re-download 2017 Q2 on the right-hand side.
If you are using the SDK / Developer edition please contact support for assistance in applying security updates.
Details on Security Update 1
Released on 7/13/2017
- Resolved a potential security vulnerability for respondents when using JWT authentication
- Resolved an issue preventing patching to 2017 Q2 without an internet connection
- Resolved an issue preventing the SPSS Key from including Open Ended Questions
- Removed several leftover “Beta” phrases
- Resolved an issue preventing the Single Line Item : Date Format calendar popup from closing after a date has been selected
- [Web Services] Resolved an issue with ResponseDataService.ExportResponseTabular that could prevent answers from being exported for edited responses