Configuration - 2.2.3
Correction of vulnerabilities
- Specific SQL Injection vulnerabilities present in some product screens have been fixed.
- The 3rd digit version of PHP in a Windows environment has been updated to correct the Remote Code Execution vulnerability related to CVE-2024-4577.
- An additional validation has been created on some product view screens to avoid improper access (greater security against Broken Access Control).
- Safety failures on some system screens that could cause LFI (Local File Inclusion), Directory Traversal, or similar vulnerabilities have been fixed.
- The CSP (Content Security Policy) security rules of the application have been enforced to mitigate XSS (Cross-Site Scripting) attacks.
Change to Oracle environments
For Oracle environments, from version 2.2.3 onwards, it will be mandatory to configure the 'server', 'port', 'db', and 'tns' tags in the file of the connection with the database.
Improvements in memory management
An adjustment was implemented to optimize the application memory management in version 2.2.3, making the system more efficient in preventing outages.
This improvement was also applied retroactively up to system version 2.1.9.
Improvements to full text search
Full text search now prioritizes results based on token similarity, providing more relevant answers. Previously, the prioritization criteria took into account the components most used by the user.
View the latest improvements made to this component: