What's new in NEV 2.1.4
This is a security update.
A vulnerability has been reported in Nuxeo Enhanced Viewer where a possible server-side request forgery (SSRF) issue could occur. The Hyland Security team has deployed a mitigation in our cloud instance. We strongly advise self-managed customers to likewise apply the following configuration change to mitigate the risk of this vulnerability while they undergo the deployment process of this release:
Declare or update the UI previewer service environment variable below as follows:
Restart your Nuxeo Enhanced Viewer instance.
This version fixes the issue, and upgrading to this version can be applied in lieu of performing the mitigation steps above.
- Fixed a security issue.
More information about released changes and fixed bugs is available in our bug tracking tool.
NEV Release Notes Summary
|NEV 2.1.3||Authenticate to NEV without being authenticated in Web UI.|
|NEV 2.1.1 and 2.1.2||Bugfix releases.|
|NEV 2.1.0||Major observability improvements and bugfixes.|
|NEV 2.0.0||Major version with new features, UI improvements, architectural changes, bug fixes, and improvements.|
|NEV 10.6.11||Log4j vulnerabilities (CVE-2021-45046) remediation.|