Skip to content

7.9.0

Compare
Choose a tag to compare
@github-actions github-actions released this 08 Nov 08:42
· 173 commits to master since this release

This release contains a breaking change. Due to security reasons content policy headers where added to prevent script execution for assets. If you have uploaded html files with scripts as assets, this will not work anymore. There is no fallback, you haveto upload your files to another location like a github repository. We might remove the header if we have a better solution for that.

Fixed

  • Events: Fixes the query to use the correct index.
  • Rules: Fix the UI for content trigger to always show the schem names.

Changed

Added

  • GraphQL: Add the schema name to component types.

Security

  • CVE-2023-46253 / Assets: Fix a bug where an asset could be written outside the app folder: GHSA-phqq-8g7v-3pg5
  • CVE-2023-46252 / Editor: Remove the editor js sample from the file system, because it allows to execute arbitrary JavaScript code in the context of a user authenticated to Squidex: GHSA-7q4f-fprr-5jw8
  • CVE-2023-46857 / Assets: Incorrect SVG filtering. Implemented a more restrict filter: GHSA-xfr4-qg2v-7v5m