Evoq 9.13.10 Release Notes

Overview

This release note details the product updates in Evoq 9.13.10.

Evoq 9.13.9 was released on 2025, November 3rd.

Evoq 9.13.10 is based on DNN Platform 9.13.9. Please find the release notes of DNN Platform 9.13.9 from its public GitHub page.

Users with "host" permissions may disallow the presence of JavaScript in the header and footer of modules, mitigating XSS risks.
The output of user's commands is sanitized to prevent the execution of HTML and JavaScript code in Prompt module, mitigating XSS risks.
IP filter at login now only considers IPs in the HTTP header 'X-Forwarded-For' if this configuration is set explicitly, improving overall security of the IP filtering mechanism.
Content in the field Biography (in Profile) is now rendered as plain text instead of as HTML, mitigating XSS risks.
Content in Activity Feed / Journal items is rendered as plain text instead of as HTML, mitigating XSS risks.
Fixed a vulnerability issue to prevent NTLM hash leakage via SMB Share Interaction through malicious user input.
Fixed a vulnerability issue to prevent the upload of files using CKEditor by unauthenticated users through malicious customized HTTP requests.

Evoq Content 9.13.10 contains the above updates in Evoq Basic 9.13.10.

Evoq Engage 9.13.10 contains the above updates in Evoq Basic 9.13.10, and Evoq Content 9.13.10.

Choose files or drag and drop files

Tags:

Was this article helpful?

Yes