XperienCentral R29.3Release date: December 2, 2020
| Note |
|---|
Minimum Version Required for Upgrading to XperienCentral R29.3Upgrading to XperienCentral R29.3 requires a minimum version of R26. If you are upgrading from XperienCentral R25 or lower, you must first upgrade to R26 and then upgrade to XperienCentral R29.3. |
XSS Features- In XperienCentral R29.3, extended protections against XSS vulnerabilities have been introduced. A number of input fields in XperienCentral are now more rigorously validated against known XSS attacks. If the value of an input field is forbidden, the old value of the input field will remain unchanged and the upgrade is ignored. You can of course still allow this sort of input by adding it to a trusted list, however GX Software strongly recommends against doing so.
- When input fields contain unsafe input before the upgrade, the content of these fields remains unchanged after the upgrade. If the content of one of these input fields is subsequently changed to other content considered unsafe, the updated content is ignored and the old (unsafe) content will remain.
External Application Support- The External Applications module has been removed from XperienCentral in version R29.3. Because that also removes the
xslStyleSheetApplicationInclude.xml presentation, all references to this presentation should be manually removed from your project. For example, in the XperienCentral Community Edition plugin's xslStyleSheet.jspf file, the following line is removed:
<wm:render presentationName="xslStyleSheetApplicationInclude" />
Uploaded File Handling- A new Apache rule should be added when upgrading to R29.3 in order to prevent uploaded files from being be opened inside the browser. Add the following rule to the Apache
httpd.conf file:
<Location ~ "(/upload|/upload_mm)">
Header set Content-Disposition "attachment"
</Location> See also Linux Server Installation.
|