Locked Down — A Comprehensive Security Hardening Release
New Features
No new features in this release.
Feature Updates
No feature updates in this release.
Feature Enhancements
- Credentials & Environment Key Management: Migrated environment keys and secrets into the Rails credentials file, removing loose environment and secrets files for improved security hygiene. Environment-specific .env files are now excluded from version control and deployment uploads.
- Staging Worker Queue: Added queue support to the staging worker for improved background job handling.
Bug Fixes
- Addressed regex vulnerability exposure.
- Fixed Remote Code Execution (RCE) and parameter bypass vulnerabilities.
- Fixed mass assignment vulnerabilities.
- Fixed XSS (Cross-Site Scripting) security risks.
- Fixed intermittent upload failures caused by a nil site reference in the multi-tenancy environment.
- Fixed a bug that auto-dismissed modals on failure.
Release List
- Version 5.67 - Image Title Requirement
- Version 5.66 - Facebook and Twitter Login Update
- Version 5.65 - Facebook and Twitter Login for subscribers and students