After installing K2 5.3 FP 6, form and view parameters values were URL decoded twice. This caused functional issues depending on the form or views designed with parameters and impacted security. In workflows the user tasks did not correctly URL encode the worklist item URL’s parameters if the parameter value contained special characters such as &, / and ?. Certain special characters like % and £ were also incorrectly double URL encoded.
The fix is available in the following K2 versions:
|K2 4.7 March 2018 Cumulative Update||K2 Five (5.0) September 2018 Cumulative Update||K2 Five (5.1) November 2018 Cumulative Update||K2 Five (5.2) May 2019 Cumulative Update||K2 Five (5.3)|
|X||X||X||X||Fix Pack 28|
K2 5.3 Fix Pack 6 contained a fix described in https://help.k2.com/kb003222, note that after installing Fix Pack 28 your running instances containing the Pound symbol will no longer be decoded correctly. To workaround this issue start a new instance of the workflow to obtain the correct decoding, or contact support for a script that updates all running instances in the K2 Database.