Nuxeo Enhanced Viewer Release Notes

Updated: December 13, 2022

What's new in NEV 2.1.4


This is a security update.

A vulnerability has been reported in Nuxeo Enhanced Viewer where a possible server-side request forgery (SSRF) issue could occur. The Hyland Security team has deployed a mitigation in our cloud instance. We strongly advise self-managed customers to likewise apply the following configuration change to mitigate the risk of this vulnerability while they undergo the deployment process of this release:

Declare or update the UI previewer service environment variable below as follows:


Restart your Nuxeo Enhanced Viewer instance.

This version fixes the issue, and upgrading to this version can be applied in lieu of performing the mitigation steps above.

Noteworthy Changes

Learn More

More information about released changes and fixed bugs is available in our bug tracking tool.

NEV Release Notes Summary

Version Notes
NEV 2.1.3 Authenticate to NEV without being authenticated in Web UI.
NEV 2.1.1 and 2.1.2 Bugfix releases.
NEV 2.1.0 Major observability improvements and bugfixes.
NEV 2.0.0 Major version with new features, UI improvements, architectural changes, bug fixes, and improvements.
NEV 10.6.11 Log4j vulnerabilities (CVE-2021-45046) remediation.

We'd love to hear your thoughts!

All fields required