
Code Fix: Security improvement for form and view parameter values

KB003409

PRODUCT
K2 Five 5.2
K2 Five (5.2) May 2019 Cumulative Update
K2 Five (5.2) May 2019 Cumulative Update Fix Pack 22

 

Issue Description

After installing K2 Five (5.2) May 2019 Cumulative Update Fix Pack 2, form and view parameter values were URL decoded twice. This caused functional issues, depending on how the forms or views were designed to use parameters, and impacted security. In workflows, user tasks did not correctly URL encode the parameters of the worklist item URL if a parameter value contained special characters such as &, / and ?. Certain special characters, such as % and £, were also incorrectly double URL encoded.
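
The decoding and encoding defects described above can be reproduced in a few lines. The following JavaScript is an added illustration, not K2 code; the function names, parameter names and host are hypothetical, and the sample values are constructed.

```javascript
// Added example: all names and the host below are hypothetical, not K2 APIs.
const BASE = "https://forms.example.test/Form/Review"; // constructed URL

// Correct link builder: every name and value is encoded exactly once.
function buildItemUrl(params) {
  const query = Object.entries(params)
    .map(([k, v]) => `${encodeURIComponent(k)}=${encodeURIComponent(v)}`)
    .join("&");
  return `${BASE}?${query}`;
}

// Defective builder: values are pasted in raw, so &, / and ? in a value
// are read back as URL structure instead of data.
function buildItemUrlUnencoded(params) {
  const query = Object.entries(params).map(([k, v]) => `${k}=${v}`).join("&");
  return `${BASE}?${query}`;
}

// Correct reader: split the raw query first, then decode each value once.
function readParam(url, name) {
  const query = url.slice(url.indexOf("?") + 1);
  for (const pair of query.split("&")) {
    const eq = pair.indexOf("=");
    if (eq === -1) continue; // fragment with no "=", not a name=value pair
    if (decodeURIComponent(pair.slice(0, eq)) === name) {
      return decodeURIComponent(pair.slice(eq + 1));
    }
  }
  return null;
}

// Defective reader: a second decode pass. Text that merely looks encoded is
// rewritten, and a value holding a bare "%" throws URIError.
function readParamDecodedTwice(url, name) {
  return decodeURIComponent(readParam(url, name));
}

// Regression check: true when a value survives encode-once/decode-once intact.
function roundTrips(value) {
  return readParam(buildItemUrl({ P: value }), "P") === value;
}
```

With the correct pair, the values `R&D/2019?`, `100% £5` and the literal text `A%2FB` all round-trip unchanged. The unencoded builder truncates `R&D/2019?` to `R`, and the double-decoding reader turns `A%2FB` into `A/B`, so a value can differ from what was checked earlier in the request.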

Resolution

The fix is available in the following K2 versions:

| K2 4.7 March 2018 Cumulative Update | K2 Five (5.0) September 2018 Cumulative Update | K2 Five (5.1) November 2018 Cumulative Update | K2 Five (5.2) May 2019 Cumulative Update | K2 Five (5.3) |
| --- | --- | --- | --- | --- |
| X | X | X | Fix Pack 22 | Fix Pack 28 |

  1. Ensure you have the correct K2 version and/or Cumulative Update installed. See KB001893 to see what Fix Pack level you have installed.
  2. Download the latest Fix Pack using the links in the table above for the version you require.
  3. Install the Fix Pack to apply the fix.
  4. It is recommended to refresh the browser cache.

Considerations

K2 Five (5.2) May 2019 Cumulative Update Fix Pack 2 contained a fix described in https://help.k2.com/kb003203. Note that after installing K2 Five (5.2) May 2019 Cumulative Update Fix Pack 22, your running instances containing the pound symbol will no longer be decoded correctly. To work around this issue, start a new instance of the workflow to obtain the correct decoding, or contact support for a script that updates all running instances in the K2 Database.

 
