GLOBALEAKS 5.0.33

Changes in version 5.0.33

• Complete implementation of CSP policy based on Trusted-Types
• Enforce validation of every admin config or user input by means of DOMPurify
• Restrict usage of CSS inline scripts (#4345) as previously done on v4
• Fix bug in gl-admin utility preventing possibility to reset 2fa
• Correct feature of re-ordering of questions options (#4348)
• Fix issues #4341, #4344
• Improve packaging of css libraries and overrides
• Bump client dependencies to latest versions
• Update translations

GLOBALEAKS 5.0.32

Changes in version 5.0.32

• Revise language changes utilities in relation to issue #4315
• Fixed validation of multistep questionnaires and extend validation to files (#4336)
• Remove redundant rel=noreferrer made unnecessary by ReferrerPolicy header
• Revise markdown implementation ensuring links are opened always in a new tab
• Ensure to strip every HTML tag (including safe tags) with DOMPurify before parsing markdown.
• Fix issues #4340 and #4338
• [doc] Revise application security document in reference to external links protections
• [doc] Extend documentation adding detail on usage of DOMPurify to filter markdown input

GLOBALEAKS 5.0.31

Changes in version 5.0.31

• Revise mock implementation fixing continous reloading on some setups

GLOBALEAKS 5.0.30

Changes in version 5.0.30

• Temporarily rollback changes related to enforcing mandatory file uploads or oral messages introduced in 5.0.26 that seems to be causing improper form validation.

GLOBALEAKS 5.0.29

Changes in version 5.0.29

• Fix regression on questionnaire validation introduced in release 5.0.26 (#4321)

GLOBALEAKS 5.0.28

Changes in version 5.0.28

• Fix bug in relation to loader not getting removed
• Revise margins on UI components of the homepage
• Fix bug and performance on mock implementation using MutationObserver
• Bump client dependencies to latest version
• Update translations

GLOBALEAKS 5.0.27

Changes in version 5.0.27

• Fix issue #4308
• Fix color of SupportLink
• Bump client dependencies to latest versions

GLOBALEAKS 5.0.26

• Deprecate (at least temporarily) states motivations for reasons discussed on #4201 with the core globaleaks community.
• Revise regular expression for email validation to allow domains with tld longer than 5 characters (#4309)
• Fix inclusion of pdfjs library fix issue on opening PDF files with integrated file viewer
• Fix issue on loading of images causing white page on settings page (#4311)
• Fix mandatory checks on file uploads and voice recordings
• Fix exception on email generation when users has disabled notifications
• Bump client dependencies to latest versions

GLOBALEAKS 5.0.25

• Revise receiver and context images style (#4303)
• Revise path checks in relation to adminonly configurations
• Properly communicate to users when a password reset token is expired
• Bump client dependencies to latest version

GLOBALEAKS 5.0.24

Changes in version 5.0.24

• Fix proper visualization of checkboxes and datepickers