Originally, the projectdoc Toolbox was designed for small teams of developers where the team had full access to the server. Making use cases possible was therefore the main concern at first. For instance, we allowed any protocol for an HTTP request so that the team could access their resources. This has changed since larger companies started to use the projectdoc Toolbox for their information architecture.

In preparation for data center support, this release removes a couple of security-related issues. An attacker needed write access privileges to pages to take advantage of these issues. To avoid breaking the existing API, this version introduces strict HTML rendering as a feature that must be actively turned on. In the next major version, this feature is activated by default.

Caution: Strict HTML Encoding recommended

It is recommended to set the system property Strict HTML Encoding to true. Please check if you are using lax encoding with render templates, such as in the Select Parameter of the Display Table Macro.

The following issues fall into this category.

[Jira issue list from smartics JIRA (columns: key, summary, type, priority, description). Query: project = 'projectdoc Toolbox' && (fixVersion IN ('4.13.0', '4.13.1')) && "Quality"="Security" ORDER BY priority DESC, type DESC]