Release7.2.5.2

This release introduces critical security fixes across the Query Sheet, Question Wall and Chat, File System Access, Single Sign-On, and User Interface modules. These enhancements strengthen access control, improve session protection, and reinforce application-level security.

Key Highlights

  • Restrict Session Exposure and User Impersonation: Protects session information to prevent unauthorized session reuse and impersonation.

  • Stored Cross-Site Scripting in Question Wall and Chat: Blocks malicious script execution in user-generated content to prevent session theft and unauthorized actions.

  • Unauthorized File System Access: Restricts file access to prevent path traversal attacks and exposure of sensitive system files through manipulated file paths.

  • Improper SAML Assertion Replay Handling: Prevents reuse of SAML authentication assertions to reduce replay-based unauthorized access.

  • Vulnerable Third-Party JavaScript Dependencies: Upgrades outdated third-party JavaScript libraries to address known security vulnerabilities and reduce application-level security risks.

  • Publicly Accessible Registration Page: Disables public registration access and enforces redirection to the login page to align with single sign-on controls.

Release Details:

Release Type: Hotfix Release
Release Version: Release7.2.5.2
Build <Release. Build Number. Release Stamp>: Release7.2.5.2.725245ae5a4
Build Date: 12th Feb 2026

Query Sheet

Fixed

Restrict Session Exposure and Prevent User Impersonation

In the Query Sheet module, a security issue occurred where administrative access exposed active session information, creating a risk of session reuse and unauthorized user impersonation. The issue has been resolved, and the session information is now protected against unauthorized access.

Question Wall and Chat

Fixed

Stored Cross-Site Scripting in Question Wall and Chat

In the Security Vulnerability module, a security issue occurred where malicious scripts could be stored in user-generated content and executed when viewed, creating a risk of session theft and unauthorized activity. The issue has been resolved, and input-handling protections now prevent script execution in these areas.

File Manager

Fixed

Unauthorized File System Access

In the File System Access module, a security issue occurred where manipulated file paths could allow access to sensitive files. The issue has been resolved, and strict validation now prevents unauthorized file access and reduces the risk of sensitive information being exposed.

Performance & Security

Fixed

Improper SAML Assertion Replay Handling

In the Single Sign-On module, a security issue occurred where authentication assertions could be reused multiple times, creating unauthorized sessions without re-authentication. The issue has been resolved, and now assertions are properly validated to prevent replay attempts and reduce the risk of session misuse.

Vulnerable JavaScript Dependencies

In the User Interface module, a security issue occurred due to outdated third-party libraries with known vulnerabilities. The issue has been resolved, and now the libraries have been upgraded to reduce exposure to known security risks while maintaining expected functionality.

Single Sign On

Fixed

Publicly Accessible Registration Page

In the Single Sign-On module, a security issue occurred where a public registration page was accessible despite the intended single sign-on authentication model. The issue has been resolved, and now the system blocks and redirects registration page access to the login page.


Copyright © 2026, OvalEdge LLC, Peachtree Corners, GA, USA.
