Follow

Changelog 10.10.1

GX WebManager 10.10.1

Issue

[GXWM-31120] - Alternative path containing non-alphanumeric characters causes 404 on front-end
[GXWM-31158] - Naming a channel with a script tag results in an inaccessible editor environment
[GXWM-31168] - Breadcrumb has disappeared from Advanced Search
[GXWM-31179] - Rendering by editable tag without render tag cannot handle our incorrect HTML
[GXWM-31189] - Special characters in NL interface rendered incorrectly
[GXWM-31194] - XSS Vulnerability in Discussion module
[GXWM-31232] - XSS issue in the website title on login page
[GXWM-31233] - XSS issue in Forum Presentation via Language Labels
[GXWM-31250] - Upgrade.txt contains incorrect information about upgrading to 10.10.y or higher
[GXWM-31257] - XSS issue in Name and label of E-card
[GXWM-31258] - XSS issue in the JCR Browser
[GXWM-31268] - Session cookie reveals whether a username is valid or not
[GXWM-31269] - Passwords are logged on login
[GXWM-31273] - Possible to list all all users
[GXWM-31283] - Improve escaping in the /web/admin/log tool
[GXWM-31322] - HTML in the Plugin panel is wrong
[GXWM-31333] - Unable to remove files in FileBrowser
[GXWM-31375] - IAF xmlescape tag does not work with L codes and/or personalization
[GXWM-31378] - Frontend escaping used in backend JSPs
[GXWM-31386] - Error when trying to add a Dynamic Content Overview
[GXWM-31390] - Personalization tags do not work properly
[GXWM-31392] - XC tags (l code and wm) not properly replaced with Render tag
[GXWM-31186] - Link scheme filtering is too strict

Documentation

[GXWM-31173] - Document the fact that element dialogs are now resizable.
[GXWM-31286] - Upgrade.txt refers to incorrect taglib prefix in upgrade to 10.10 information Improvement
[GXWM-31195] - Secure content import/export
[GXWM-31196] - Setup tool is vulnerable to XSS via user name
[GXWM-31197] - Setup tool is vulnerable to XSS via channel id/name
[GXWM-31266] - Enforce password strength in Authorization Management panel
[GXWM-31274] - Possible to appear to be someone else by changing personal information
[GXWM-31282] - Require user to change password after password reset
[GXWM-31311] - User can skip changing its password when requested to

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request