jCustomer 1.4.4
November 14, 2023
jCustomer 1.4.4 is compatible with jExperience 1.11.x.
Security fix
- Fixed a security vulnerability to prevent attacks via malicious OGNL or MVEL scripts
Bugfixes
- Default allow-list for expression filter not properly loaded from config
- Implement PropertyConditionEvaluator hardcoded property accessors
- Wrong classloader used in MvelScriptExecutor
Improvement
- Cookie profile id should be SameSite=Lax