We're pleased to announce the release of Scroll Viewport 2.20.5, which is a vulnerability fix release.
This release disclose three security issues of high severity. We strongly recommend an upgrade to 2.20.5 as it fixes security vulnerabilities.
The identified XSS vulnerabilities enable attackers to inject content
- through the group name under 'Permissions' in the Viewport configuration
- through the domain name in the Viewport configuration
- thought the variant name in the WebHelp theme and themes based on the WebHelp theme
If you copied the Scroll WebHelp theme, you will not receive the security fixes automatically. You need to update such themes manually.
We recommend you have a look at the respective changes in the public Scroll WebHelp Theme project: https://bitbucket.org/K15t/scroll-webhelp-theme/pull-requests/69
Please refer to the issues listed below for more details.
New Features and Improvements