Skip to content

Draft: Hotfix 6268 (do not merge)

frank.paczynski requested to merge hotfix-6268 into master

Preview

https://frontend-core-hotfix-6268.k3s.os2.oxui.de/appsuite/

Fixes

  • Security: OXUIB-2660: XSS for RSS content using data attributes
  • Security: OXUIB-2688: XSS using "data" attributes at upsell shop
  • Security: OXUIB-2689: XSS using tasks "original mail" references
  • Fix: OXUIB-2480: Action buttons in contacts detail view hard-coded to Zoom and Jitsi
  • Fix: OXUIB-2650: Sharing options of personal address book disabled
  • Fix: OXUIB-2663: XSS using data- attributes at upsell ads
  • Fix: OXUIB-2693: Context/User level logout location config.
  • Fix: OXUIB-2704: Missing contact in compose auto-complete

Chores

  • Security: Update different dependencies
  • Bump codecept-horizontal-scaler from v0.1.2 to 0.1.4
  • Backport of fixed ci and e2e
  • Update of license headers
  • Chore ui#125: Resolve potential insecure usage of .html()
Edited by frank.paczynski

Merge request reports