Release Notes: Illume 6.0.19569

Home / Developer / IT / DatStat Illume Release Notes / Release Notes: Illume 6.0.19569

This applies to:

Illume 6.0

Search AcademySearch Academy

Contact UsContact Us

Release Date: January 16th, 2020

Improvements

To prevent HTML injection vulnerabilities, the following work was completed to make HTML in rendered data display as plain text:
- Questions responses containing HTML within activities will not render the HTML when piping with the {value} or {response} tags.
- Question prompts containing HTML within activities will not render the HTML when piping with the {prompt} tag.
- Participant data containing HTML will not render the HTML when piping with the {UserData} tag.
- HTML included in participant properties, such as first name and last name, will not render the HTML in data grids in Enterprise Manager, Discovery, and Data Change.
- HTML included in participant properties, such as first name and last name, will not render on the page when viewing an individual participant’s record.
- HTML entered as submission data responses, like in a text input question, will not be rendered in the results of queried submission data.
- HTML entered as submission data, like in a text input question, will not be rendered when viewing an individual submission.
- HTML entered as submission data, like in a text input question, will not be rendered while reviewing changes to data within Data Change.
- Custom error messages with HTML entered will not render the HTML on display of the message.
The Power User role does not have access to API Keys, Sites, and System Extensions via direct URL link.
The system generates a new cookie once the user has authenticated.
The Login Page prevents open redirects to outside sites via targeted URL.
User-entered scripting is prevented via the ‘IFrameUrl’ parameter within the Enterprise Manager.
User-entered scripting is prevented via the ‘SourcePagel’ parameter within the Enterprise Manager.

Fixes

An internal server error appeared when a user pressed the Export Data Grid button in the Query Log view type.
The SDK user type was being omitted from the expired DatStat session clean up, causing performance issues as the number of expired sessions grew without being cleared.

Twitter

3 years ago DatStat is hiring developers! Join our team and make a difference #healthcare #healthIT #HITjobs #HealthITJobs… https://t.co/qM81Ob3Sfr
3 years ago Now is the time to make a difference in #healthcare #healthcareIT. We are hiring developers in Seattle! #HITjobs… https://t.co/TOCdlI2hhk
3 years ago Clinical testing sites can switch to electronic patient outcomes to help prevent the spread of Covid19 and reduce d… https://t.co/lME5VxQ8pE