RELEASED: Public: 2019-10-18
Resolved issues
-
Stored XSS in Group description (CTR-735)
Before, stored cross-site scripting (XSS) could be included in group descriptions, so anyone who checked the group description via tooltip would trigger the XSS. With this fix, the plugin now uses MarkupFormatter to transform the content of the group’s description, depending on what is configured in the Global Security section