Hotfix 1.9.11

Release Date: 05/07/2022

Features

  • eSign now rejects by default documents with embedded javascript. Read the important changes section below for a better understanding on how this may affect you.

Fixes

  • [DevOps-20933] Improved javascript detection for some previously undetected specific cases.

  • [DevOps-22983] Fixes a open redirect vulnerability in eSign’s welcome, monitor and validator page.

  • [DevOps-24551] Fixes a bug when recovering Websocket based session

  • [DevOps-24552] Fixes a bug when recovering Server-Sent Events based sessions

Important changes

eSign now rejects documents with embedded javascript during the document creation service.

This feature is now controlled by the pdf.js.reject property which is set to true by default, setting it to false will turn off this new feature.(check Configuration Properties for more details)

Additionally one can use the REJECT_JS document variable for a per document control of the feature. (check Document Variables for more details)