Vulnerability in EPiServer.Forms
We upgraded to EPiServer.Forms 5.5.0 and did not verify e-mails from forms before going live.
If we try a new form and put in variables they get formatted with :: instead of the old #-markers seemingly making old placeholder markers not work, e-mails show up without replacement made.
Example of new insert vs. before:::Sammanställning av samtliga svar::#Sammanställning av samtliga svar#
Suspect that this is related to this item:https://world.optimizely.com/documentation/Release-Notes/ReleaseNote/?releaseNoteId=AFORM-3260
Is there is some kind of announcement/guide/documentation available on what to do after getting this update?
Are we expected to edit all placeholders?
Hi Johan, we're so sorry for this inconvenience. We're working on a hotfix and will release a new version (5.5.1) very soon to fix this issue. With the hotfix, both placeholder formats will work, but I still recommend using the new one (with ::).The bug https://world.optimizely.com/support/bug-list/bug/AFORM-3330
Forms 5.5.1 is now available in our public feed https://nuget.optimizely.com/package/?id=EPiServer.Forms please update your Forms. Thanks.