Bug Fixes and Improvements

All Editions

[ FIXED ]        PLUGIN     : Plugin Manager - Plugin file change monitor should only reload changed plugin.
[ FIXED ]        SECURITY   : CSRF token is passed in Form Builder preview URL.
[ FIXED ]        SECURITY   : Possible remote code execution using JSON parameter in form and list grid.
[ FIXED ]        CORE       : Fixed nonce verification not working when comparing different number of attributes.
[ FIXED ]        CORE       : Creating new process does not set the new process's process start white list to admin only by default.
[ ADDED ]        CORE       : Progressive/Universal/Xadmin Theme - Display userview category label even though the category only has 1 menu in it.
[ FIXED ]        CORE       : Fixed radio button and checkbox having outline on 1st option on focus.
[ MODIFIED ]     CORE       : Lazy load PushServiceUtil initialization to improve startup speed.
[ FIXED ]        SECURITY   : CSRF token is passed in URL.
[ FIXED ]        CORE       : Missing selected indicator when having multiple select boxes.
[ FIXED ]        CORE       : FormPdfUtil - Correction on Grid having extra column in header row.
[ FIXED ]        CORE       : FormPdfUtil - Grid having extra column in header row.
[ FIXED ]        CORE       : FormPdfUtil - Label with `&` char does not escape correctly.

Professional, Enterprise & Cloud Editions

[ MODIFIED ]     PLUGIN     : Security - Possible remote code execution using JSON parameter in advanced grid.
[ FIXED ]        PLUGIN     : Security - Possible remote code execution using JSON parameter in form and list grid.
[ MODIFIED ]     PLUGIN     : Updated to session-based nonce implementation as default to support non-sticky sessions.
[ FIXED ]        PLUGIN     : Fixed nonce verification not working when comparing different number of attributes.
[ ADDED ]        CORE       : Janux Theme - Display userview category label even though the category only has 1 menu in it.
[ MODIFIED ]     CLOUD      : Updated build-cloud.xml to support MySQL 8.
[ FIXED ]        SECURITY   : CSRF token is passed in URL.
[ FIXED ]        CORE       : Protected Readonly App - "Licensed to" matches app can be edit even if you are not the licensor.
[ FIXED ]        PLUGIN     : Import Menu/Tool - Regression on Update POI to 4.1.2 for vulnerability CVE-2019-12415 & XML Beans to 3.1.0 for vulnerability CVE-2021-23926. 
                              Formatted cell is handled differently after changes.


  • No labels