Release notes for WebAPI 3.10.2.4120

Bug fix

• The previous release contained a new version of a specific dll 14.8.0.0. However, the web.config was still pointing to version 13.9.0.0. This could result in issues with resizing images. Fixed in version 3.10.2.4120.

• When the WebAPI is not used in combination with AIS, certain possibly sensitive information could be disclosed upon user authorization. Fixed in 3.10.1.4178. The new <authorization>false</authorization> setting can be added to the globalConfiguration section in adlibweb.xml to prevent output of this data. When this element is missing or it’s value is set to true, the current behaviour is still in place for backwards compatibility.

• A specific API endpoint was vulnerable to Local File Inclusion (LFI) and Internal File Path disclosure. Fixed in version 3.10.1.4166.