megachangelog
Improvement1.98

Release v1.98

Added TLS support for Redis datasources and implemented multiple security fixes including SQL injection prevention, unauthenticated metadata disclosure prevention, and enforced permission checks. Also upgraded dependencies to resolve critical vulnerabilities.

Features

  • Added TLS (SSL mode) support for the Redis datasource in both the backend and datasource UI. (#41587)

Fixes

  • Enforced edit permissions for application snapshot deletion. (GHSA-g2hc-wmw2-32jr) (#41624)
  • Added a red asterisk to required fields. (#41609)
  • Prevented unauthenticated disclosure of instance metadata. [APP-14994] (#41598)
  • Prevented SQL injection in UQI filter service projection and sortBy columns. (#41594)
  • Restricted draft action execution to editors only. (#41614)
  • Upgraded simple-git to 3.32.3 to resolve critical CVE-2026-28292. (#41613)
  • Upgraded fast-xml-parser to 4.5.4 to resolve critical CVE-2026-25896. (#41595)
  • Increased the client class API timeout for the consolidated API from 20 seconds to 60 seconds. (#41591)
redissecuritytlssql-injectionpermissions

Source: original entry ↗