Version : 63
Released : 2024-05-26
Changes in this Release
Issue |
Type |
Module(s) |
Description |
|---|---|---|---|
3668 |
Bug |
When saving an object with many auto actions defined there were many repeated database queries which could affect performance. The number of queries was reduced. |
|
3703 |
Bug |
When an auto-action precondition references a custom property that an object did not have set, the action would fail with an error result on object save. This was corrected. |
|
3609 |
Feature |
Diagnostic 0165 was added. This Diagnostic will find unbalanced quotes in text strings such as query messages. |
|
3610 |
Feature |
Diagnostic 0104 was updated so that the Form OID can be included in the expected path for a resource in the Help Text. |
|
3682 |
Feature |
Diagnostic 0020 (Spellcheck) now has an option to ignore custom properties and attributes where the attribute or custom property name matches a pattern. |
|
3683 |
Feature |
Diagnostic 0020 (Spellcheck) now has an option to ignore acronyms equal or greater in length than some user supplied value. |
|
3684 |
Bug |
In diagnostic results the reset selected explanations button was not always visible when there were explanations to reset. This was corrected. |
|
3676 |
Feature |
The javascript component used to display lists in TrialGrid has been upgraded to the latest version. There is no change in functionality. |
|
3674 |
Bug |
An Edit Check custom property sheet throws an error when the user deletes an Edit Check from the sheet but the Edit check has already been deleted in the meantime. This has been corrected. |
|
3660 |
Feature |
Medidata Rave Architect Loader Spreadsheets containing Edit Check, Data and Unit Dictionary OIDs can be uploaded into TrialGrid and will be displayed when editing/viewing the object. |
|
3661 |
Feature |
A warning will be displayed if the current name of an Edit Check, Data or Unit Dictionary generates an OID which is different from that imported from Medidata Rave. |
|
3664 |
Bug |
When using the APIs user accounts were not locked out after failed login attempts. This was corrected. |
|
3666 |
Bug |
Executable files could be uploaded to the file area and then hosted/served by the system if users chose to make them public. Executable files are now blocked from upload. |
|
3667 |
Bug |
In tickets, wiki pages and comments it was possible to introduce javascript execution via the onerror attribute of img tags. Event attributes such as onerror, onclick etc are now removed from html elements in user input. |
|
3648 |
Bug |
If the ALS Project Name for a Draft contained html content this would be displayed in the results for diagnostic 131 (which checks these names). This was a potential security risk and has been corrected. |
|
3649 |
Bug |
When two Draft objects are compared in the per-object difference dialog the Draft names are not escaped making the page vulnerable to XSS injection. |
|
3650 |
Bug |
When cloning a Draft, Draft names are not escaped making the page vulnerable to XSS injection. This has been corrected. |
|
3651 |
Bug |
When renaming a file, renamed file names are not escaped making the page vulnerable to XSS injection. This has been corrected. |
|
3654 |
Bug |
Task names are not escaped in the users historical task list making the page vulnerable to XSS injection. This has been corrected. |
|
3656 |
Feature |
When entering two-factor token values for TrialGrid login, failed attempts now increment the failed login count for the user and repeated failures will result in the user account being locked out. |
|
3657 |
Feature |
Response headers returned the name and version of the web server software, information which could help attackers craft attacks against known vulnerabilities. Headers now return "TGServer" which gives no information. |
|
3673 |
Bug |
When checking whether an Matrix is in use by an edit check this operation would fail with an error. This has been corrected. |