Note: This patch is specific to Laserfiche Forms 9.2.1 Update 2 and cannot be applied to a Laserfiche Forms 9.2.1 (9.2.1.1069) installation. If you are on Laserfiche Forms 9.2.1 (9.2.1.1069), please upgrade to Laserfiche Forms 9.2.1 Update 2 before applying this hotfix.
This article details the list of changes for Laserfiche Forms 9.2.1 Hotfix 3.
The following changes have been made to address the Laserfiche Forms Portal File Upload Vulnerability.
- Public users no longer have the option to download a copy of the file that they uploaded. (324708, 339722)
- Enhancements to prevent file types not in the "File extensions allowed" option from being uploaded. (298692)
The update includes the following files:
- \Config\bin\EntityModels.dll (9.2.1.1208)
- \Forms\bin\E-Forms.dll (9.2.1.1208)
- \Forms\bin\EntityModels.dll (9.2.1.1208)
- \Forms\js\form\forms.js (Last modified on 9/17/2021)
- \Forms\js\fileupload.js (Last modified on 9/17/2021)
- \Forms\Views\Form\_FormLayout.cshtml (Last modified on 9/17/2021)
Click the following link to download a ZIP file containing Hotfix 3 for Laserfiche Forms 9.2.1 Update 2.
KB1014336.zip
- Extract the files from the ZIP file to a temporary location on the server hosting Laserfiche Forms 9.2.1 Update 2.
- Create a backup of the existing files under "C:\Program Files\Laserfiche\Laserfiche Forms" corresponding to the ones provided in the ZIP file.
- Stop the Laserfiche Forms Routing Service.
- Copy the Forms and Config folders contained in the ZIP file to "C:\Program Files\Laserfiche\Laserfiche Forms" and merge them with the existing folders.
- Start the Laserfiche Forms Routing Service.
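The steps above can be scripted so that the backup covers exactly the files being replaced and the DLL versions are checked afterwards. This PowerShell script is an added example, not part of the hotfix or of Laserfiche's own tooling. It assumes the ZIP was extracted to C:\Temp\KB1014336, that the service's display name matches the name used in this article, and that the versions listed above correspond to each DLL's FileVersion property.

```powershell
# Added example; run from an elevated PowerShell session on the Forms server.
$ErrorActionPreference = 'Stop'
$Install   = 'C:\Program Files\Laserfiche\Laserfiche Forms'
$Extracted = 'C:\Temp\KB1014336'    # assumed temporary extraction location
$Backup    = "C:\Temp\KB1014336-backup-$(Get-Date -Format yyyyMMdd-HHmmss)"  # assumed
$Expected  = '9.2.1.1208'           # DLL version listed in this article
$Dlls      = 'Config\bin\EntityModels.dll', 'Forms\bin\E-Forms.dll', 'Forms\bin\EntityModels.dll'

# Relative path of every file the hotfix ships under its Forms and Config folders.
$files = foreach ($top in 'Forms', 'Config') {
    Get-ChildItem -Path (Join-Path $Extracted $top) -Recurse -File |
        ForEach-Object { $_.FullName.Substring($Extracted.Length).TrimStart('\') }
}

# Back up only the installed files that are about to be replaced.
foreach ($rel in $files) {
    $src = Join-Path $Install $rel
    if (Test-Path -LiteralPath $src) {
        $dst = Join-Path $Backup $rel
        New-Item -ItemType Directory -Path (Split-Path $dst) -Force | Out-Null
        Copy-Item -LiteralPath $src -Destination $dst
    }
}

# Display name taken from this article (assumed to match the installed service).
$svc = Get-Service -DisplayName 'Laserfiche Forms Routing Service'
Stop-Service -InputObject $svc

# If a copy fails, the script stops here with the service still stopped;
# restore the files from $Backup before starting the service again.
foreach ($rel in $files) {
    $dst = Join-Path $Install $rel
    New-Item -ItemType Directory -Path (Split-Path $dst) -Force | Out-Null
    Copy-Item -LiteralPath (Join-Path $Extracted $rel) -Destination $dst -Force
}
Start-Service -InputObject $svc

# Confirm the three DLLs report the version listed above (FileVersion is assumed).
foreach ($rel in $Dlls) {
    $ver = (Get-Item -LiteralPath (Join-Path $Install $rel)).VersionInfo.FileVersion
    if ($ver -ne $Expected) { Write-Warning "$rel is $ver, expected $Expected" }
    else { Write-Output "$rel OK ($ver)" }
}
```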
Laserfiche Forms Portal File Upload Vulnerability
List of Changes for Laserfiche Forms 9.2.1 Update 2
Release Notes for Laserfiche Forms 9.2.1
List of Changes for Laserfiche Forms 9.2.1