Terminalfour: 8.3.18
- Date Released: November 30 2023
General
Overview
Our focus in this release was to address security issues and accessibility improvements that were discovered during routine audits earlier this year.
Improved Password Reset functionality
RDSM-32010
If you've ever forgotten a password you can appreciate it's a frustrating experience. In previous versions of Terminalfour this was even harder than it should have been.
With this release we've completely revamped the user flow and improved the security when using the Forgot Password feature.
You can now request a password reset from the login screen using your email address or Terminalfour username. We'll then send you a newly designed email with straightforward instructions on how to continue.
Security improvements
We addressed XSS issues in the following areas:
- Form Builder
- Section Names
- Preview Filter Configuration
- Content Names
Accessibility improvements
In this release we took the time to implement many improvements that were discovered in a recent accessibility audit. We've made significant improvements to ensure a better experience for all users. However, we acknowledge that there is always more work to be done to ensure the platform is fully accessible. We remain committed to ongoing accessibility improvements and will continue to make enhancements in future releases.
This release focuses on improving the accessibility of Terminalfour for all users in the following areas:
- Made focus indicators more consistent throughout the platform
- Improved keyboard navigation on tabs within the product
- Improved keyboard navigation and category selection within the Media Library
Remove the code for using Grandchild Sections with the Related Content Navigation Object
RDSM-36651
Version 8.3.12 saw the deprecation of the "use grandchild" fetch method in the Related Content Navigation Object.
From this version it is no longer possible to create navigation objects using this option and deprecation notices have been removed from the user interface.
Minor issues
- CSS floats no longer break content in Direct Edit (RDSM-36942)
- Ensured TLS 1.3 functions with LDAP (RDSM-33777)
- Improved cache building when there are a lot of Content Items (RDSM-37099)
Changes
Issue Type | Issue key | Summary | Priority | Component/s |
---|---|---|---|---|
Epic | RDSM-32010 | Improve Password reset flow | P3 | Authentication |
Bug | RDSM-31397 | Javascript is triggered when user wants to create fields from content type | P3 | Content Type |
Bug | RDSM-36950 | Get request is triggered with javascript that is in section name | P3 | Section |
Bug | RDSM-32492 | XSS issue in preview filters page | P3 | Product Configuration |
Bug | RDSM-20736 | XSS vulnerability with section name when duplicating or deleting section | P3 | Section |
Bug | RDSM-37099 | Cache build is very slow when there are lots of version (1,000s) of Content Items | P3 | Caching |
Bug | RDSM-36956 | Breadcrumb is not displayed on duplicate branch modal when section contains XSS script | P3 | Section |
Bug | RDSM-37051 | Gritters are not announced by screen readers | P3 | Accessibility |
Bug | RDSM-37108 | XSS - Alert is triggered when trying to mirror a section from the site structure | P3 | Section |
Bug | RDSM-37110 | XSS - get request is triggered when trying to duplicate a section from the site structure | P3 | Section |
Bug | RDSM-37111 | XSS - get request is triggered when trying to mirror a section from the site structure | P3 | Section |
Bug | RDSM-37158 | Editing a list throws red box error | P3 | Lists |
Bug | RDSM-37211 | Tabbing focus broken for inputs when editing an existing media item | P3 | Accessibility |
Bug | RDSM-36951 | Javascript is triggered on page layouts usage and audit trail report when the section name contains xss | P3 | Page layout usage Report |
Bug | RDSM-32644 | XSS issue on content name field when you're removing content from edit content view | P3 | Content |
Bug | RDSM-20792 | XSS issue when deleting content from within content edit page that uses javascript as it's name. | P3 | Content |
Bug | RDSM-36420 | Categorised Not Selected When Navigating To Media Library | P3 | Media Library |
Bug | RDSM-33803 | XSS pops up on content editing | P3 | Content |
Bug | RDSM-36995 | Lack of visual focus indicator on the sidebar links | P3 | Accessibility |
Bug | RDSM-37003 | Lack of visible focus on tabs | P3 | Accessibility |
Bug | RDSM-36946 | XSS vulnerability when adding content to a section | P3 | Section |
Bug | RDSM-37268 | Left/Right navigation on tabs should not occur when a user is inside an input element | P3 | Accessibility |
Bug | RDSM-37265 | Reset password modal not announced by screen reader | P3 | Accessibility |
Bug | RDSM-36996 | All buttons are missing a focus state | P3 | Accessibility |
Bug | RDSM-37001 | Missing ARIA Roles on Tabs | P3 | Accessibility |
Bug | RDSM-37000 | Parent drop down links missing aria-expanded attributes | P3 | Accessibility |
Bug | RDSM-37143 | Fix confusing focus order on additional tabs | P3 | Accessibility |
Bug | RDSM-29853 | Anti-virus is not working correctly | P3 | Product Configuration |
Bug | RDSM-33777 | LDAP doesn't support TLS1.3 | P3 | Product Configuration |
Bug | RDSM-36982 | The DeleteDuplicateParentSectionMetaContentTask upgrade task fails to handle mirrored section metadata content | P3 | Upgrader |
Bug | RDSM-37205 | Can't sync to a branch that is mirrored at least twice | P3 | Content Syncer |
Change Request | RDSM-37068 | Focus style is applied inconsistently throughout the platform | P3 | Accessibility |
Change Request | RDSM-34495 | Remove 'Syntax highlighting language' element if media type is classified as binary | P3 | Media Library |
Bug | RDSM-36942 | Direct Edit: CSS Floats Breaking | P4 | Direct Edit |
Bug | RDSM-36998 | Required inputs should include the required attribute | P4 | Accessibility |
Bug | RDSM-37049 | Media dropzone is not accessible with the keyboard | P4 | Accessibility |
Bug | RDSM-37002 | Confusing focus order on tabs | P4 | Accessibility |
Before upgrading
In advance of the upgrade please view the information and Technical Roadmap. Please contact us prior to upgrading so that we can provide you with the pre- and post-upgrade tasks.
Priority
Please note that the priorities assigned to bugs differ from those assigned to Client Support tickets:
- P1 - Major rework of product.
- P2 - Major performance change.
- P3 - Regular priority change.
- P4 - Minor change.
- Trivial - Very minor UI changes.