Addons

Nuxeo Enhanced Viewer Release Notes

Updated: December 16, 2022

What's new in NEV 2.1.4

Summary

This is a security update.

A vulnerability has been reported in Nuxeo Enhanced Viewer where a possible server-side request forgery (SSRF) issue could occur. The Hyland Security team has deployed a mitigation in our cloud instance. We strongly advise self-managed customers to likewise apply the following configuration change to mitigate the risk of this vulnerability while they undergo the deployment process of this release:

Declare or update the UI previewer service environment variable below as follows:

ARENDERSRV_ARENDER_SERVER_URL_PARSERS_BEANNAMES=blobNuxeoURLParser,DocumentIdURLParser

Restart your Nuxeo Enhanced Viewer instance.

This version fixes the issue, and upgrading to this version can be applied in lieu of performing the mitigation steps above.

Noteworthy Changes

Learn More

More information about released changes and fixed bugs is available in our bug tracking tool.


NEV Release Notes Summary

Version Notes
NEV 2.1.2 Bugfix release
NEV 2.1.0 Major observability improvements and bugfixes.
NEV 2.0.0 Major version with new features, UI improvements, architectural changes, bug fixes, and improvements.
NEV 2021.1.1

We'd love to hear your thoughts!

All fields required