This article outlines the security enhancements and fixes implemented in User Portal (Web Client) version 20.2.25889 (released March 4, 2025).
These updates improve overall system security, protect sensitive user data, and enhance compliance with modern web security standards.
|
Category |
Security Fix Description |
Impact / Benefit |
|
Cross-Site Scripting (XSS) Protection |
Improved protection against reflected XSS attacks. |
Prevents malicious scripts from being injected and executed in user sessions, reducing risk of data theft and session hijacking. |
|
Sensitive Data Handling |
Removed all sensitive data from browser LocalStorage. |
Enhances data privacy by ensuring critical information cannot be exposed via browser storage. |
|
Security Headers |
Various improvements implemented in HTTP security headers. |
Strengthens application defense against common web vulnerabilities such as clickjacking, MIME sniffing, and content injection. |
|
Client-Side Request Handling |
Improved handling of client-side desynchronization in POST requests. |
Reduces risk of inconsistent application states and mitigates potential exploitation of request desynchronization issues. |
|
Frontend Framework Update |
Updated Vue.js to version 3.5.11. |
Ensures the application benefits from the latest security patches and stability improvements in the framework. |
|
HTTPS Enforcement |
Fixed issue where User Portal was not redirected to HTTPS when accessed over HTTP. |
Guarantees secure communication by enforcing encrypted connections, protecting data in transit. |
|
Runtime Environment Update |
Updated Node.js to the latest secure release. |
Addresses known vulnerabilities and improves overall runtime security and performance. |
Recommended Action:
We strongly recommend upgrading to version 20.2.25889 or later to take advantage of these important security improvements.
Ensure that browser and infrastructure configurations support secure HTTPS access.
Was this article helpful?
Tell us how we can improve it.