Fixed issues and updates on RoboHelp Server 11
This article contains a list of issues resolved in the latest release of Adobe RoboHelp Server 11 and subsequent patch releases.
Check the RoboHelp Server community for solutions, workarounds, or any late-breaking information.
Check the RoboHelp Server User Guide for a detailed explanation of features and "how-to" information.
Check the RoboHelp Server release notes for the latest updates and features.
FIXED ISSUES
- Fixed a security vulnerability that could allow extraction of sensitive data from the database. (Ref - 11841, 11870)
- Fixed a directory traversal vulnerability leading to remote code execution at the server. (Ref - 11842)
- Fixed an LDAP injection vulnerability in LDAP authentication. (Ref - 11843)
- Fixed a security vulnerability to prevent XXE attacks on the server. (Ref - 11851)
Fixed Issues
- A Cross-Site Request Forgery (CSRF) vulnerability is found that could lead to the execution of unwanted actions.
(Ref - 10692)
- A security vulnerability is found that could allow end users with non-administrative privileges to act as server administrators.
(Ref - 10594)
- Report generation fails for contexts using MS-SQL Databases due to LIMIT clause usage instead of FETCH OFFSET.
(Ref - 10752)
New features and enhancements
Coordinated Universal Time (UTC) time zone
RoboHelp Server supports storing information in the database in the UTC time zone. An optional parameter (TimezoneforRHS), when configured, displays information in the UI in a user's local time zone while still allowing database information to be stored in UTC time. For more information, see the Time zone configuration.
ADFS token-based authorization
RoboHelp Server supports token-based permissions to enable integration between RoboHelp Server and ADFS authorization flow. This allows a user to be authorized based on the value entered in the Token Role Key attribute. For more information, see Single Sign-On using ADFS.
Fixed Issues
- A directory traversal vulnerability in the publishing workflow could lead to remote code execution at the server.
(Ref - 9574)
- Attempting to delete any area with an apostrophe in the area name displays the message “Unable to delete the area <area-name>”.
(Ref - 10251)
- In Usage statistics, Page views, and Pages per view reports, repetitive entries appear when the selected date range contains a large amount of data.
(Ref - 10504)
Fixed issues
- Product licensing issue noticed with Update 1 installation and activation.
Fixed issues
- Changes in report parameters are done after report creation, ability to change maximum results in report, and area defaulting to General.
(Ref - 8845)
- Options to hide the default visual in the representation of large data are missing.
(Ref - 8846)
- Exporting data in JSON format for advanced data visualization is not available.
(Ref - 8847)
- Look-and-feel of reports is not optimal and lacks responsiveness.
(Ref - 8947)
- In some cases, the "Configuration Manager" requires administrator rights to execute.
(Ref - 8950)