3.1.6 released in March 2024, functional tests written on top of Web UI for your projects will require to use NodeJS 18. Please refer to the upgrade notes for detailed information.
Recently Released Changes
What’s New in Web UI for LTS 2023 (Version 3.1.25)
Security Improvements
Prototype Pollution Fix: Addressed risks in deep-merge logic by blocking unsafe keys (proto, constructor) and ensuring only own properties are merged, preventing potential XSS or logic-tampering attacks.
GitHub Actions Permissions: Default permissions restricted to read-only, replacing previous read-write defaults. Write access is now restricted to necessary scopes only.
jsondiffpatch Vulnerability: Resolved XSS vulnerability in jsondiffpatch (via HtmlFormatter) by upgrading from version 0.3.11 to version 0.7.3 and implemented HTML formatting rules to prevent script injection.
Select2 XSS Fix: Patched vulnerability in Select2 version 4.0.5 and below where HTML templates with Ajax-loaded data could allow script injection. Updated Web UI logic now prevents unsafe HTML rendering.
Bug Fixes & Upgrades
Dashboard Layout Consistency: Implemented uniform layout recalculations across dashboard and panels, eliminating extra scrollbars, spacing gaps, and inconsistent component sizing.
Nuxeo Spreadsheet Compatibility: Fixed breaking changes after upgrading Select2 from 3.x to 4.x by updating wrapper classes and replacing deprecated APIs for full compatibility.
PDF.js Upgrade: Updated to version 5.4, enabling better handling of complex PDFs and introducing new features.
Metadata Enhancement: The “Publisher” and “Publish date” fields now accurately reflect the actual publishing of the document, ensuring better clarity and consistency in document lifecycle tracking.
Previous Release Notes
| Version | Summary |
|---|---|
| Web UI 3.1.24 | Bug Fixes & Upgrades. Security Improvements. Includes support ticket resolutions. |
| Web UI 3.1.23 | Enhancements. Security Improvements. Bug Fixes. Includes support ticket resolutions. |
| Web UI 3.1.22 | Accessibility fixes. Includes support ticket resolutions. |
| Web UI 3.1.21 | Accessibility color contrast fixes, Nuxeo Drive Direct Transfer Upload, Veracode vulnerability fix. Includes support ticket resolutions. |
| Web UI 3.1.20 | Node.js 22 upgrade for functional tests, Veracode vulnerability fixes. Includes support ticket resolutions. |
| Web UI 3.1.19 | Accessibility fixes for phase one and Veracode Vulnerability fixes for WebUI and bugfix release |
| Web UI 3.1.18 | Accessibility and Veracode Vulnerability fixes for WebUI and bugfix release |
| Web UI 3.1.17 | Quill RTL Support for WebUI, WEB UI Improvement and bugfix release |
| Web UI 3.1.16 | RTL Support for WebUI, CSP changes and bugfix release |
| Web UI 3.1.15 | CSP changes and improvements release |
| Web UI 3.1.13 | Improvements and bugfix release |
| Web UI 3.1.13 | Security and bugfix release |
| Web UI 3.1.12 | Security and bugfix release |
| Web UI 3.1.11 | WEB UI Improvement and bugfix release |
| Web UI 3.1.10 | Saved searches can be restored and executed when using vocabularies with multiple levels, ellipsis and tooltips prevent long labels from being cut off in selection |
| Web UI 3.1.9 | Security and bugfix release |
| Web UI 3.1.8 | Accessibility improvements and bugfix release |
| Web UI 3.1.7 | Bugfix release |
| Web UI 3.1.6 | NodeJS18 upgrade, accessibility improvements and bugfix release |
| Web UI 3.1.5 | Polymer version upgrade, accessibility improvements and bugfix release |
| Web UI 3.1.4 | Bugfix and accessibility improvements release |
| Web UI 3.1.3 | UI elements keep track of protected properties when a document goes under retention |
| Web UI 3.1.2 | Initial release for Web UI on LTS 2023 |