v1.15.1 - Security hotfix

Sojan V Jose

Sojan V Jose

Published on

0 minute read

This release includes a security fix to a reported XSS vulnerability that allowed agents to make an XSS attack against other admins/agents.

The fix included upgrading the dependant library v-tooltip and disable the HTML rendering of agent names.

Other bug fixes and improvements

  • Fix the bug to resolve the identity of the user via phone number in Twilio inboxes.
  • Add a new API to resolve the assignable agents in a particular inbox.
  • Fix reset password error message and default it to the server returned response.
  • Upgrade ssri to fix CVE-2021-27290.
  • Fix minor UI glitches.

New languages introduced in the release

  • Chinese (zh-CN)
  • Norwegian (no)
  • Hungarian (hu)