This update provides fixes for a number of security issues, including a security issue of high severity – we recommend updating to this version. These vulnerabilities have been identified in the scope of a security audit we conducted together with an external contractor in November.
You can read more regarding these issue via our related Security Advisories:
- EXP-3167 - Potential Denial of Service due to lack of authentication in REST API Released to Server
- EXP-3169 - SSRF vulnerability in Scroll Exporter apps Released to Server
- EXP-3168 - Insufficient permission checks in export template REST API Released to Server
- EXP-3170 - Disclosure of custom template placeholders Released to Server
Additionally, in this release we have now added a way in which to cancel export request using the REST API. Furthermore, we have added the option for adding links to the Document Sections in custom export templates. Finally, we have also resolved a number of bugs, including the problem which meant that custom column widths that were applied within the Document Sections were not preserved in the generated export.
All updates and fixes in this release