This is a security update.
A vulnerability has been reported in Nuxeo Enhanced Viewer where a possible server-side request forgery (SSRF) issue could occur. The Hyland Security team has deployed a mitigation in our cloud instance. We strongly advise self-managed customers to likewise apply the following configuration change to mitigate the risk of this vulnerability while they undergo the deployment process of this release:
Declare or update the UI previewer service environment variable below as follows:
Restart your Nuxeo Enhanced Viewer instance.
This version fixes the issue, and upgrading to this version can be applied in lieu of performing the mitigation steps above.
- Fixed a security issue.
More information about released changes and fixed bugs is available in our bug tracking tool.