Blog

DaDaBIK 7.3.3 is out, vulnerabilities fixed

Posted by Eugenio on 26 Jul 2016

Dear all,
DaDaBIK 7.3.3 is out.

This is a maintenance release that fixes an important vulnerability discovered in the last few days.

First of all, the vulnerability we fixed with DaDaBIK 7.3 (back in May) was even worse than we described: in addition to what we said, an authenticated user (or a user of a DaDaBIK application with authentication disabled) could execute arbitrary SQL queries (even INSERT/DELETE/UPDATE) on the DaDaBIK database (or on other databases, if the database user used by DaDaBIK had the needed permissions).

The vulnerability WAS actually fixed with DaDaBIK 7.3. Another similar vulnerability, however, was found in the last few days; this one is fixed by this 7.3.3 release. Again, the vulnerability allowed an attacker to execute arbitrary queries on the DaDaBIK database or on other databases (if the database user used by DaDaBIK had the needed permissions). In this case, if authentication was enabled, the attacker not only needed to be authenticated to exploit the vulnerability but also needed to belong to the administrators group.

This will probably be the last 7.x version; as you can see, we have focused on security in recent weeks, while the upcoming version 8 will have many BIG new features.

Version 8 will probably be published in Autumn, and for sure before the end of 2016, so if you buy DaDaBIK 7.3.3 PRO or ENTERPRISE now, you'll get DaDaBIK 8 as a free upgrade.

As usual, if you are in your free upgrade timeframe (1 year for DaDaBIK Enterprise, 6 months for DaDaBIK PRO), you can request your free copy from the upgrade page.

If you have a DaDaBIK ENTERPRISE license and you are out of your free upgrade timeframe, you can also get DaDaBIK 7.3.3 by purchasing a maintenance license (€65), which also provides you with an additional year of free upgrade (email support@dadabik.org to get the instructions).

One more thing: during the last few months we have experienced a problem with our mailing system, due to a technical incompatibility between Sendy (the tool we use to send newsletters) and the CURL version used by our hosting provider. The problem is now fixed, but the result is that some users (fortunately just a small fraction) haven't received one or more newsletters. Since some of them were related to important security issues, please check the blog page to get informed about our past communications. I also suggest that you follow DaDaBIK on Facebook and on Twitter; we always post important news there.

Best,

Eugenio Tacchini
DaDaBIK founder

DaDaBIK 7.3.2 is out

Posted by Eugenio on 6 Jul 2016

Dear all,
DaDaBIK 7.3.2 is out. This version fixes some bugs, most of them related to the "export to CSV" feature. Apart from the bug fixes, performance has also been improved: the gain depends on the number of columns, but for a typical table the CSV build process can be 7x faster than before. See the change log for all the details.

As usual, if you are in your free upgrade timeframe (1 year for DaDaBIK Enterprise, 6 months for DaDaBIK PRO), you can request your free copy from the upgrade page.

If you have a DaDaBIK ENTERPRISE license and you are out of your free upgrade timeframe, you can also get DaDaBIK 7.3.2 by purchasing a maintenance license (€65), which also provides you with an additional year of free upgrade (email support@dadabik.org to get the instructions).

The development of DaDaBIK 8 is going well, thanks to everybody who contributed to the DaDaBIK 8 Desiderata and to the post about the GUI.

I am trying to understand more and more how people use DaDaBIK, in order to provide a V.8 in line with your current and future needs. If you like, please spend two minutes of your time to write to us (info@dadabik.org) and tell us something about the applications you have created with DaDaBIK (what they do, the kind of data you manage, the limitations you have found ...). If you also want to add a URL, it would be even better.

Thanks!

Eugenio Tacchini
DaDaBIK founder




DaDaBIK 7.3.1 is out

Posted by Eugenio on 7 Jun 2016

Dear all,
DaDaBIK 7.3.1 is out. This version fixes a couple of bugs related to version 7.3 and clarifies a known bug in the documentation. See the change log for all the details.

If you don't want to go through the upgrade process, you can also apply the patches explained here, here and here. If you just apply the patches, your DaDaBIK installation will still appear to be a 7.3, but this doesn't affect how the application works.

I am working a lot on DaDaBIK 8, thanks to everybody who contributed to the DaDaBIK 8 Desiderata. Now most of the features that will be included in DaDaBIK 8 are clear in my mind. I still have some question marks about the graphic interface, therefore I wrote a post here to discuss the changes with you. It would be VERY useful if you commented on the post, writing what you think.

Have a great summer,

Eugenio Tacchini
DaDaBIK founder




The new DaDaBIK 7.3 is out, an important vulnerability fixed

Posted by Eugenio on 24 May 2016

Dear all,
DaDaBIK 7.3 is out. This release fixes some bugs and adds a few new minor features.

In particular, it contains a fix for an important SQL injection vulnerability which allowed an authenticated attacker to see unauthorized data, even coming from a different database. It is very important for you to read all the details in the changelog. The fix for this vulnerability is also available as a separate patch here.

In the changelog you will also find the other bugs fixed and the new features, including the possibility to change the language on the fly and an improved installation procedure (meaningful error messages, $site_url and $site_path not required anymore, ...).

As usual, if you are in your free upgrade timeframe (1 year for DaDaBIK Enterprise, 6 months for DaDaBIK PRO), you can request your free copy from the upgrade page. The upgrade process has been redesigned: you can now download the new version by yourself, without waiting for an email.



If you have a DaDaBIK ENTERPRISE license and you are out of your free upgrade timeframe, you can also get DaDaBIK 7.3 by purchasing a maintenance license (€65), which also provides you with an additional year of free upgrade (email support@dadabik.org to get the instructions).



Finally, DaDaBIK 8 is still under heavy development and the DaDaBIK 8 Desiderata document is still available for you to vote for the next features to implement and to propose additional features. Please take a few minutes to add your contribution.


Best,

Eugenio Tacchini
DaDaBIK founder




The new DaDaBIK 7.2 is out: a severe bug fixed, improved performance and a trial version

Posted by Eugenio on 16 Mar 2016

Dear all,
DaDaBIK 7.2 is out. It is mainly a maintenance release, which fixes several bugs including a severe bug related to file uploads: in some situations, DaDaBIK linked a record not with the file uploaded by the user but with another one having the same original filename. You can read all the details and the list of changes here.

We have also improved performance: a results grid is now shown faster than before. The more records per page you display, the more you will notice the difference: for example, with 100 records per page the amount of time needed to display a results grid has decreased by about 37%.

Finally, we now have a trial version that you can download for free. It has some feature limitations, it expires after 15 days and you don't get the full, unencrypted source code as you do with DaDaBIK Pro and DaDaBIK ENTERPRISE. You can see the differences between Trial, Pro and ENTERPRISE here.

As we did for v. 7.1, to promote the adoption of the new DaDaBIK 7.2 Enterprise, for just 7 days (until March 23rd) IT WILL BE ON SALE AT €95 instead of €160.

You can buy DaDaBIK 7.2 here.

As usual, if you are in your free upgrade timeframe (1 year for DaDaBIK Enterprise, 6 months for DaDaBIK PRO), you can request your free copy from the upgrade page.

If you have a DaDaBIK ENTERPRISE license and you are out of your free upgrade timeframe, you can also get DaDaBIK 7.2 by purchasing a maintenance license (€65), which also provides you with an additional year of free upgrade (email support@dadabik.org to get the instructions).


Best,

Eugenio Tacchini
DaDaBIK founder



