ESFC - Aug 2024

1 Summary
- 1.1 Improvements
  - 1.1.1 Increased CSV export row limit IMPROVED
  - 1.1.2 Improved “Show Author” Option IMPROVED
- 1.2 Bug Fixes
  - 1.2.1 Fixed incorrect characters in page FIXED
  - 1.2.2 Fixed infinite loading screen FIXED
  - 1.2.3 Fixed external shared link issue FIXED
  - 1.2.4 Fixed unstable comment tab on shared pages FIXED
  - 1.2.5 Fixed vulnerabilities FIXED

Summary

In this release, we have improved CSV export functionality, introduced "Show Author" option with separate controls. We also fixed several bugs, including issues with incorrect characters in page names, vulnerabilities in external shares. Additionally, display issues and stability in the comment tab on shared pages were resolved for better user experience.

Improvements

Increased CSV export row limit IMPROVED

We improved the CSV export functionality by increasing the maximum number of rows that can be exported.

Improved “Show Author” Option IMPROVED

In the Customize tab, the “Show Author” option is now split into “Show Avatar” and “Show Author Info”, allowing users to hide avatars but still display the author's name.

Bug Fixes

Fixed incorrect characters in page FIXED

We have fixed an issue where page names in the Activity Tab appeared with incorrect characters, such as "@". Additionally, the dropdown menu was non-functional, preventing users from selecting page suggestions. Both issues have been resolved.

Fixed infinite loading screen FIXED

When users try to export a CSV file from the global settings page, an infinite loading screen appeared. This was fixed and fetching data mechanism was improved.

Fixed external shared link issue FIXED

We addressed a display issue where inserting an external share URL in edit mode would cause the URL window to be cut off. Now, the window is fully visible.

Fixed unstable comment tab on shared pages FIXED

We fixed an issue where the comment tab on shared pages was unsteady. It now loads smoothly, with additional improvements to prevent white flashes when loading the edit view, especially in dark mode.

Fixed vulnerabilities FIXED

We have fixed vulnerability where attackers could regenerate information for external shares.
Fixed an XSS vulnerability where attackers could inject malicious code on the API Key Usage page.
A vulnerability allowing attackers to redirect users to malicious websites through the login URL has been fixed.
Fixed a vulnerability where lower-privileged users could access the activity logs of private space shares.