Convert Forms 2.0.4 security release

Tassos Marinos
Tassos Marinos
Published in Blog
Apr 12 2018
1 min read
Last updated may 14 2024
Convert Forms 2.0.4 security release

This is a security release which addresses a vulnerability reported by one of our users (Paladion Networks Pvt. Ltd) that could be exploited through the Leads exported CSV file opened with Excel or any other similar programs.

The solution implemented to secure the CSV file is to prefix the row values starting with =, +, - or @ with a tab character. In case though, you're trying to use the CSV file in an app that doesn't automatically strip the tab characters, you can turn this option off in the component's configuration page.

Read more information here: https://vel.joomla.org/articles/2140-introducing-csv-injection