October 2022

We're pleased to announce the release of Scroll Viewport 2.20.5, which is a vulnerability fix release.

This release disclose three security issues of high severity. We strongly recommend an upgrade to 2.20.5 as it fixes security vulnerabilities.

The identified XSS vulnerabilities enable attackers to inject content

  • through the group name under 'Permissions' in the Viewport configuration
  • through the domain name in the Viewport configuration
  • thought the variant name in the WebHelp theme and themes based on the WebHelp theme

that can execute JavaScript code within Viewport.

If you copied the Scroll WebHelp theme, you will not receive the security fixes automatically. You need to update such themes manually.

We recommend you have a look at the respective changes in the public Scroll WebHelp Theme project: https://bitbucket.org/K15t/scroll-webhelp-theme/pull-requests/69

Please refer to the issues listed below for more details.


New Features and Improvements

T Key Summary Status Resolution
Loading...
Refresh

Bugs Fixed

T Key Summary Status Resolution
Loading...
Refresh