Release date: June 3, 2020
About this release
Version 4.12.8 of DRACOON Core Service for on-premises customers fixes a potentially serious issue in the current LTS release 2019-1.
The new version 4.12.3 of the DRACOON OAuth component and the new version 4.12.2 of the DRACOON WebUI also include important updates:
- The OAuth component fixes an access issue on the Branding Web App by delivering a possibility to set a timeout in the OAuth properties
- The WebUI includes an important security update that closes a reflected XSS vulnerability
The installation is recommended for all customers who run DRACOON on their own servers.
The installation packages are available on our download portal (download.dracoon.com).
The following problem has been fixed in version 4.12.6 of DRACOON Server:
- The display of the total file/folder count was corrected. This problem affected the use of DRACOON via WebDAV and lead to inconsistent and incomplete display of data room or folder contents due to a wrong response in our API.
The following problem has been fixed in version 4.12.3 of the DRACOON OAuth component:
- Setting a timeout in OAuth properties is now possible and addresses occasional access issues on the DRACOON Branding Web App.
- Version 4.12.2 of the DRACOON WebUI closes a potential XSS vulnerability (reflected XSS).