CVE-2023-29484: Terminalfour 8.3.16 Release Notes

General****Google Analytics changes

RDSM-33435

In this version, we have made two significant changes to how Google Analytics works in the product:

Removal of the Google Analytics Dashboard

• Google Analytics data will now only be viewable in Direct Edit
  • the Analytics Dashboard is not to be confused with the Dashboard Module, which we intend to continue supporting.
  • if you’d still like to display Google Analytics data in Terminalfour, we recommend using Google Looker Studio and embedding your chart as an iFrame with the Dashboard Module. You can read an article on doing just that here

Terminalfour now supports Google Analytics 4

• Google will stop collecting Universal Analytics on July 1st, 2023, so we have added support for Google Analytics 4 in this version. From 8.3.16, only Google Analytics 4 data will be viewable in Terminalfour
• We’ve updated the documentation on adding Google Analytics to Terminalfour , so whether you are starting from scratch or updating an existing configuration, you should take a look.

Improvements to Direct Edit

RDSM-33542

Following the Direct Edit enhancements in 8.3.15 we’ve made further improvements to how JavaScript is implemented. This will allow content in carousels, galleries and slides to be more easily editable in Direct Edit.

More flexibility from Broken Links Reporting 🔗

RDSM-33935

We’ve updated the Broken Links reporting tool to improve performance and make it easier to filter unwanted links. Now you can use basic regular expressions on the excluded URLs page:

• to exclude anchor links, add ^#*
• to exclude anchor links, add ^mailto:[^s]*

Formatting internal links just got easier 👍

RDSM-36453

We’ve had a lot of positive feedback since we upgraded TinyMCE in 8.3.12, but one thing that has come up a few times is how difficult it can be to add custom formatting to Section and Content Links. We’ve changed it so a double click is now required to show the options modal, making it easier to select the text and add formatting.

Kerberos has been removed 🫡

RDSM-33435

We want to thank Kerberos for its service and wish it all the best in the future. We deprecated it back in 8.3.13 and are removing the code in this release.

Security fix (RDSM-36840)

This update resolves an authentication vulnerability (CVE-2023-29484) where, given specific conditions, an LDAP user with an incorrectly configured LDAP identifier could log into the Terminalfour platform using an invalid password.

By default, an imported LDAP user would have the correct LDAP identifier set. To exploit this vulnerability the LDAP identifier of an importer user would need to have been manually altered to an incorrect value.

With this release, a user with an incorrectly set LDAP identifier is no longer able to log into the Terminalfour platform with an incorrect password.

Minor issues****The filter value in the Content tab persists across Sections

RDSM-33745

When you filtered for a value in the Content Item in a Section, that value would persist in the next Section you visited, which could cause confusion. It’s fixed now.

After adding a Child Section, the Site Structure listing didn’t update

RDSM-36773

The Site Structure is immediately updated when you add a Child Section from the Child Section tab.

Don’t show the table options in the context menu when there’s no table

RDSM-34084

Previously, when you right-clicked in TinyMCE or Direct Edit, you would see a list of table options in the context menu, whether or not you were editing a table. Now you’ll only see table options when you are editing a table which should help speed you up (if Hick’s Law is anything to go by).