Gateway Manager 1.0.7 focuses on security hardening and access control improvements. Key updates resolve multiple security vulnerabilities, including ReDoS, prototype pollution, XSS, and algorithmic complexity issues. This release also enhances user access filtering for groups and tags, and fixes certificate management functionality in the UI.
Improvements
| Feature | Description |
|---|---|
| Access Control Filtering (ENG-18514) | Enhanced filtering to ensure viewable groups and tags are filtered by user access permissions. |
| Inventory Table Layout (ENG-19144) | Fixed extra width issue on the Inventories table during layout updates. |
Security Fixes
| Issue | Description |
|---|---|
| Cross-Site Scripting (XSS) Vulnerabilities (ENG-18232, ENG-18235) | Resolved cross-site scripting (XSS) vulnerabilities. |
| Prototype Pollution Vulnerabilities (ENG-19178, ENG-19181, ENG-19182) | Addressed prototype pollution vulnerabilities in dependencies. |
| Regular Expression Denial of Service (ReDoS) Vulnerabilities (ENG-19396, ENG-19401, ENG-19550, ENG-19551, ENG-19628) | Fixed regular expression denial of service (ReDoS) vulnerabilities in multiple dependencies. |
| Inefficient Algorithmic Complexity (ENG-20186, ENG-20189, ENG-20190) | Resolved inefficient algorithmic complexity issues in dependencies. |
Bug Fixes
| Issue | Description |
|---|---|
| Certificate Management Buttons (ENG-14972) | Fixed the Certificate View/Delete buttons on the Gateway details view so that they function properly. |