Release Notes SABIO 5.33
Improved security when accessing and uploading documents and images
The safety of you data is our highest priority.
The best possible protection against attacks on your content in SABIO is an important part of that.
In order to further minimize the possibility of a session token being captured we introduced short-lived tokens.
Those are mostly used when accessing documents or images since those are the areas which are least protected.
Here the used tokens are only a few seconds long so that they are useless to potential offenders.
There are two additional changes that come with this optimization:
PDF documents which are embedded in texts currently can’t be downloaded via the toolbar of the PDF viewer.
If a PDF document is embedded in a text, a toolbar appears at the top. Here you have the opportunity to download the PDF. This is currently no longer possible in Chrome. Instead the PDF has to be opened as an attachment and can be downloaded from there. Or the link for the download could be added to the text. In Firefox, IE11 and Edge PDFs can still be downloaded via the toolbar as usual. If a PDF is opened in a separate SABIO-tab, it can be downloaded via the PDF toolbar in Chrome as well.
The download link of documents will no longer be shown in the footer.
The document can still be downloaded using the button “save on local disk” in the toolbar as it was possible before.
New:
Before:
Click here to get to the tutorial.
File type is being checked during the upload process
During the upload process of documents and images the file type is being checked and compared to the respective file extension.
If there are differences between file type and file extension the upload is being prevented and an error message appears.
This makes sure that potentially dangerous files which are disguised as harmless cannot be uploaded.
Inserting placeholders has been optimized
- Consistent menu for the button “add placeholder” in the toolbar and in the context menu (right click)
- Search functionality in the menu for adding placeholders
- Wider window for adding placeholders via context menu (right click)
Click here to get to the tutorial.
Adapted validation for inheritance of views in the tree
In the past there were constraints depending on the case when you tried to inherit a view to all sub-contents.
This was often prevented since a validation error occurred saying that the assigned user group did not match the new view.
The validation has been adapted for this use case.
Inheriting a new view to all of the node’s sub-contents is now possible under the following conditions.
The user group which has writing permissions has access to at least one view of the respective sub-contents (nodes, texts, documents).
Please note: When using text elements, the user groups which have writing permissions on that node need to be allowed to see all the views of the respective texts.
Quick change of views for links to texts in different views
If the user is working in a certain view (e.g. your standard view) and selects a link to a text in a different view, the following hint appears:
By clicking on the button a quick change between views can me made so that the linked text can be opened.
If the current user does not have the view of the linked text the hint telling them they are not entitled to open this text will still appear.
Click here to get to the tutorial.