JReviews 2.2.06 and Geomaps 4.21 released

[Alejandro]

This is a maintenance release which addresses a few bugs and includes a couple of security fixes so it is important that everyone upgrades to this version. The JReviews build 180 was released yesterday and someone reported an issue with the setup of paid listings plans so we released build 181 today to address this new bug was was an issue with the JReviews release. The Geomaps update only contains one security fix related to the Geomaps module so it's important to upgrade it as well.

 

We weren't able to exploit the SQL injection vulnerability ourselves, so this isn't deemed a highly critical issue, but we are hardening the security in the code nonetheless and we recommend that everyone upgrades asap.

 

Below the changelog:

 

JReviews

 

[tt]

2.2.06.181 - released December 01, 2010

 

#Fixed: Issue affecting paid listings. Category/fields trees in plan creation/setup are broken.

 

2.2.06.180 - released November 29, 2010

 

    @Security: Block potential SQL injection via module params.

@Security: Form data tampering (thanks Gigi for reporting it and suggesting a fix).

#Fixed: JomSocial activity for review comments not working correctly when comment notifications enabled.

#Fixed: Listing type override settings ignored when editing a review.

#Fixed: Broken JomSocial default avatar with JomSocial 2.0.

#Fixed: Click2Add doesn't work correctly with all non-alphanumeric characters, like a russian word.

#Fixed: Cannot use detailed ratings element theme file in listings module.

#Fixed: Unpublished categories visible in submit listing form.

#Fixed: Notices in submit search controller.

#Fixed: $Config object not available for css method in libraries helper.

#Fixed: Tooltip floated right in listing form custom fields.[/tt]

 

Geomaps

 

[tt]0.4.21 - maintenance release - released November 29, 2010

 

    @Security: Block potential SQL injection via module params.[/tt]