Skip to content

v2.4.0
Compare
Choose a tag to compare
@yoshdog yoshdog released this 02 Jul 11:01
· 43 commits to master since this release
v2.4.0
b31346d
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode.

Resolves the following security vulnerabilities:

  • Update Zendesk API Token and Provision Token: #155
  • Escape user input when generating autocompelete list HTML to avoid XSS attacks: #157
  • Redact JWT token from logs: #158
  • Redirect to default unauthorised zendesk url when SSO is disabled: #159
  • Ensure we don't generate SSO JWT Tokens when feature is disabled: #160

Credit to Jason Woods (@driskell) from Other Media for uncovering the issues.

All customers are requested to download and install this or later versions of the extension.

Assets 2
Loading