ISL Conference Proxy module for Windows and Linux (2014-09-23)


General Information

On 23rd of September 2014 the following was released:


  • ISL Groop 3.0.5 (release_date=2014-07-23, revision=36276)

Update availability

All updates have release date set to 2014-07-23. Your ESS will need to be same or higher to be able to update your server. This release is available to all countries except Japan.

Upgrading to new version

This are server side updates so hosted service users do not need to do anything.

Server license users please check Upgrading Server License


New features

ISL Groop - Module - Use new file override framework  [ISLGROOP-476] More


Removed custom implementation of overrides for user pages in ISL Groop module. Previous version of the module supported separate overriding functionality of user pages, the new module supports only the standard override method which is also used by other modules. The new feature also fixes a security issue found in ISL Groop overriding files functionality.

Example of new implementation usage:

objects/web_content_[_subtemplate_SUBTEMPLATE_]FILEBASE_VERSION.FILEENDING (objects/web_content_usersxyzbubu_1.html)

LSE Leading Security Experts GmbH opened a CVE-2014-7165 which is resolved with this feature being implemented.

Defect fixes

ISL Groop - Module - XSS HTML injection is possible in input fields [ISLGROOP-477] More


Input fields in ISL Groop web interface did not correctly escape HTML content, thus XSS HTML injection was possible. All input fields are now correctly escaped eliminating the option for XSS HTML injection.

The defect was fixed.

LSE Leading Security Experts GmbH opened a CVE-2014-7166 which is resolved with this defect fix.

Was this article helpful?