We are very pleased to announce the general availability of WorldServer 11.7.3, an important update which includes a number of fixes for various security issues as previously communicated by RWS Technical Support. It is strongly advised that all customers upgrade to this latest, most secure version to avoid exposure to any risk of data loss or compromise. In addition to hardening measures we have introduced within the WorldServer website code, we have modified some other areas of the product, including:
- Hard coding an extended list of default values related to the property freeform.search.illegal_terms in general.properties; you can still add further values to this property to go beyond this default list
- CSV exports for terminology have a modified format to neutralize any possible injection threats
From a functional perspective, we have also taken the opportunity with this release to update to the latest versions of our File Type components for the FTS. As well as being on the latest component versions, this will also address some reported issued with File Type settings that reference Embedded Content Processors.
For further details, please refer to the detailed Release Notes published here.
The distribution and all required installers are available on the usual FTP site; if you no longer have your credentials, please log a ticket with RWS Support.
I would like to thank the WorldServer Engineering team for all the hard work in addressing these shortcomings and their dedication in releasing this important product update on time.