- the previous fix to the xss in the homepage setter was lacking the controller changes due to a partial commit (#bf4610c947c7dc372c4078f363d2dff6ae0703a8)
- as originally discovered by Mislav Božičević <mislav.bozicevic@nn.cz>
- persistence of the vulnerability after the lacking fix reported by DIEGO JURADO PALLARES from Ciberinteligencia
- Dashboard
- modular similar to restSearch
- build your own widgets
- use a set of visualisation options (more coming!)
- full access to internal functions for queries
- auto discover core and 3rd party widgets
- rearrange / configure widgets for each user individually
- rearrange / resize widgets
- settings can be configured by a site-admin on behalf of others
- modules have a self-explain mode to guide users
- caching mechanism for the modules / org
- set homepage / user
- various other fixes
- based on role permissions
- enforce the checks on set/delete
- add it to the UI elements
- /users/view /admin/users/view now include the user settings in a simplified format
- set settings / user
- settings can be set by user themselves or their org admin / site admin
- added first setting: publish_alert_filter
- accepts boolean branched filter options
- supports deep logical trees
- OR/NOT/AND
- currently supports filtering on tags and the creator organisation
Jakub Onderka