This update provides fixes for a number of security issues, including a security issue of high severity – we recommend updating to this version. These vulnerabilities have been identified in the scope of a security audit we conducted together with an external contractor in November.
You can read more regarding these issue via our related Security Advisories:
- EXP-3167 - Potential Denial of Service due to lack of authentication in REST API Released to Server
- EXP-3169 - SSRF vulnerability in Scroll Exporter apps Released to Server
- EXP-3168 - Insufficient permission checks in export template REST API Released to Server
- EXP-3170 - Disclosure of custom template placeholders Released to Server
Additionally, in this release we have now added a way in which to cancel export request using the REST API. Furthermore, in this release we have fixed a number of bugs. This includes fixing the export error that was caused when exporting some types of table content.
All updates and fixes in this release