Oasis Workflow Pro v8.4 – Major Update – Security And Other Fixes
This week we released maintenance updates for Oasis Workflow Pro.
We ran CodeSniffer and Linter tools with WordPress coding standard ruleset to scan PHP, Javascript and CSS for any potential vulnerabilities. We did another round of manual review of the codebase.
We took those findings and worked through the various issues. This new version v8.4 has a lot of security fixes along with other notable enhancements. This is a major update and we strongly recommend to use your staging/test server to verify the updates before installing it on your live site.
Here is the list of changes added to v8.4:
- Security Fix – Fixed output escaping issue where some of the strings were not properly escaped.
- REST API Security – Added capability security to publicly accessible API endpoints.
- PHP to JS Escaping – Javascript variables printed and defined through PHP variables were properly sanitized and escaped.
- Unprepared SQL Queries – Fixed instances of SQL queries that were not properly escaped and prepared.
- Fixed issue with Priority field not getting set from previous step in Gutenberg Editor.
- Fixed issue with Teams drop down, not showing all team users.
As with all major updates, we strongly recommend that you use a staging or test server to test the updates on your site before installing it on a live site.