ISL Conference Proxy 4.0.2 with modules for Windows and Linux (2014-10-09)

 

General Information

On 9th of October the following was released:

  • ISL Conference Proxy 4.0.2 for Windows 32bit (Platform=win32, Revision=36575, release_date=2014-07-23, os_version=0x5020000-0x7fffffff)
  • ISL Conference Proxy 4.0.2 for Windows 64bit (Platform=win64, Revision=36575, release_date=2014-07-23, os_version=0x5020000-0x7fffffff)
  • ISL Conference Proxy 4.0.2 for Linux 32bit (Platform=linux, Revision=36575, release_date=2014-07-23)
  • ISL Conference Proxy 4.0.2 for Linux 64bit (Platform=linux64, Revision=36575, release_date=2014-07-23)

Modules

  • ISL Light 4.0.1 (release_date=2014-07-23, revision=36450)
  • ISL Groop 3.0.6 (release_date=2014-07-23, revision=36560)
  • Reports 1.0.1 (release_date=2014-07-23, revision=36502)

Update availability

All updates have their release date set to 2014-07-23. Your ESS will need to be the same or higher to be able to update your server. This release is available to all countries except Japan.

Upgrading to new version

These are server-side updates, so hosted service users do not need to do anything.

Server license users, please check Upgrading Server License.

Improvements

Defect fixes

ISL Conference Proxy - Core - problematic %= escaping [ISLCONFPROXY-459]

Description

Input fields in the password reset form were not correctly escaped, which would enable users to perform XSS HTML injection. Input fields are now correctly escaped, which removes the option for XSS HTML injection.

The defect was fixed.

ISL Conference Proxy - Core - Security update of external libraries [ISLCONFPROXY-463]

Description

Some of the external libraries that are used for custom program icons were outdated and presented possible security vulnerabilities. The external libraries were updated.

The defect was fixed.

ISL Conference Proxy - Core - remove CSRF in /conf [ISLCONFPROXY-467]

Description

Protection against CSRF was added to ISL Conference Proxy.

LSE Leading Security Experts GmbH opened CVE-2014-7162, which is resolved with this feature being implemented.

ISL Conference Proxy - Core - web admin insecure redirect handling [ISLCONFPROXY-476]

Description

Users were able to perform an insecure redirect on the web admin console of ISL Conference Proxy. The redirect is now secured with a signature.

The defect was fixed.

LSE Leading Security Experts GmbH opened CVE-2014-7163, which is resolved with this defect fix.
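
The fix above secures the redirect with a signature. As an added illustration (not the vendor's code and not ISL Conference Proxy's actual scheme), the example below signs a redirect target with HMAC-SHA256 and refuses any target whose tag does not verify. The `/login` path, the `next` and `sig` parameters, the session binding and the fallback page are assumptions of this example.

```python
import hashlib
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

# Assumption: a secret known only to the server (generated here for the demo).
SERVER_KEY = secrets.token_bytes(32)
FALLBACK = "/"  # hypothetical safe landing page


def _tag(target: str, session_id: str, key: bytes) -> bytes:
    # Bind the tag to the session so a link signed for one session
    # cannot be replayed in another (a design choice of this example).
    msg = session_id.encode() + b"\x00" + target.encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest().encode()


def make_redirect_link(target: str, session_id: str, key: bytes = SERVER_KEY) -> str:
    """Server side: build a link whose redirect target carries a signature."""
    sig = _tag(target, session_id, key).decode()
    return "/login?" + urlencode({"next": target, "sig": sig})


def resolve_redirect(link: str, session_id: str, key: bytes = SERVER_KEY) -> str:
    """Return the target only if its signature verifies, else the fallback."""
    params = parse_qs(urlsplit(link).query)
    target = params.get("next", [""])[0]
    sig = params.get("sig", [""])[0].encode()  # bytes: safe for non-ASCII input
    if not target or not hmac.compare_digest(sig, _tag(target, session_id, key)):
        return FALLBACK
    return target


if __name__ == "__main__":
    # Constructed sample values, not taken from the product.
    link = make_redirect_link("/admin/users", "sess-A")
    forged = link.replace("%2Fadmin%2Fusers", "https%3A%2F%2Fexample.invalid%2F")
    print(resolve_redirect(link, "sess-A"))    # signature verifies
    print(resolve_redirect(forged, "sess-A"))  # target changed, tag no longer matches
```
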

ISL Conference Proxy - Core - dt grid sync deadlock [ISLCONFPROXY-485]

Description

ISL Conference Proxy could start restarting when performing a long direct tables sync between servers. Because the sync took a long time, the watchdog assumed that the process was in a deadlock state and restarted the server. While a sync is in progress, the database now notifies the watchdog that it is still working and not in a deadlock, which prevents the restart of ISL Conference Proxy.

The defect was fixed.

- Reports

ISL Conference Proxy - Reports - Broken layout on lower resolution (1024x768) [ISLCONFPROXY-456]

Description

Users may have experienced a corrupted layout of live chat reports on monitors with resolution set to 1024x768 or lower. The top table did not include a scrollbar, so users were unable to scroll through the content. Content on low resolution monitors is now displayed correctly.

The defect was fixed.

ISL Conference Proxy - Reports - Chat transcript page not working due to missing files [ISLCONFPROXY-457]

Description

When users clicked on the "open" link to see a chat transcript in live chat reports, a broken page was displayed. Some of the needed files were missing from the Reports module. The missing files were added to the module, and the page is now shown correctly.

The defect was fixed.

ISL Conference Proxy - Reports - You should not be able to view chat transcript of missed chats [ISLCONFPROXY-470]

Description

Users were able to view the chat transcript of missed chats. Since the content of the transcript was empty, a JavaScript error was produced. Users are now no longer able to view chat transcripts of missed chats.

The defect was fixed.

ISL Conference Proxy - Reports - External id should be displayed if it has a value (chat transcript) [ISLCONFPROXY-471]

Description

The external id field on the live chat transcript webpage was displayed even if it did not have a value. The external id is now displayed only when it has a value.

The defect was fixed.

ISL Conference Proxy - Reports - start a chat with yourself - broken chat transcript [ISLCONFPROXY-472]

Description

Users who started a chat with themselves were unable to view the chat transcript of this chat. A JavaScript error caused the broken webpage. Showing chats with one operator was redesigned, and users should be able to view the transcript normally.

The defect was fixed.

ISL Conference Proxy - Reports - Some of the files are missing [ISLCONFPROXY-473]

Description

Users may have noticed some missing icons when picking a date in reports (Live chat and Remote Support). The missing files were added to the ISL Conference Proxy reports module.

The defect was fixed.

ISL Conference Proxy - Reports - Chat transcript layout broken if you have a long line of text without spaces [ISLCONFPROXY-474]

Description

The chat transcript web interface page was broken if the supporter or client entered long text without any spaces. If the text is too long to display correctly, it is now automatically truncated, eliminating the option to break the layout of the webpage.

The defect was fixed.

- ISL Groop

ISL Groop - Module - Additional XSS HTML injections [ISLGROOP-479]

Description

Input fields in the ISL Groop web interface did not correctly escape HTML content, so XSS HTML injection was possible. All input fields are now correctly escaped, eliminating the option for XSS HTML injection.

The defect was fixed.

- ISL Light

ISL Light - Module - XSS HTML injection is not prevented [ISLLIGHT-1533]

Description

Input fields in the ISL Light web interface did not correctly escape HTML content, so XSS HTML injection was possible. All input fields are now correctly escaped, eliminating the option for XSS HTML injection.

The defect was fixed.
