3.39.25

Bugfixes

  • XSS security fixes – Improvements implemented in response to customer feedback on XSS vulnerabilities in Adaptive:
    • XSS: Remove XSS from embedded map (Secured feature)
      • Consequence: It should no longer be possible to inject script through the config object or the URL API
    • XSS: Replace HTML tags in shares (read/write) (Secured feature)
      • Consequence: Tag characters are removed both when reading already saved map shares and when saving new map shares
    • XSS: Remove send printout via email option (Removed feature)
      • Consequence: Removed the feature that enabled users to send a printed map directly by email. This avoids possible XSS attacks, and sending email from an arbitrary e-mail address through the customer's SMTP server is not best practice.
    • XSS: Remove HTML from user data dataview (Secured feature)
      • Consequence: Vector data added by users in the “My data” module is HTML-encoded when displayed in the dataview