jCustomer 1.4.4
November 11, 2022
jCustomer 1.4.4 is compatible with jExperience 1.11.x
Security fix
- Fixed security vulnerability to prevent attacks via malicious OGNL or MVEL scripts
Bugfixes
- Default allow-list for expression filter not properly loaded from config
- Implement PropertyConditionEvaluator hardcoded property accessors
- Wrong classloader used in MvelScriptExecutor
Improvement
- Cookie profile id should be SameSite=Lax