DDOC-1969: add changelog entry for PDF.js vulnerability (#379)

* DDOC-1969: add changelog entry for PDF.js vulnerability * Change date
box · Jun 18, 2024 · 3ac57ff · 3ac57ff
1 parent ff3c624
commit 3ac57ff
Show file tree

Hide file tree

Showing 3 changed files with 32 additions and 0 deletions.
diff --git a/content/2024/05-20-box-node-sdk-new-gen-released.md b/content/2024/05-20-box-node-sdk-new-gen-released.md
@@ -13,6 +13,8 @@ collapse: true
 
 We are excited to introduce [Box TypeScript SDK][1], designed to elevate the developer experience and streamline your integration with the Box Content Cloud.
 
+<!-- more -->
+
 With the [new generation of Typescript SDK][1], you’ll have access to:
 
 * **Full API Support**: The new generation of Box SDKs empowers developers with complete coverage of the Box API ecosystem. You can now access all the latest features and functionalities offered by Box, allowing you to build even more sophisticated and feature-rich applications.

diff --git a/.../05-20-box-python-sdk-new-gen-released.md → ...0-box-python-sdk-new-gen-released copy.md b/.../05-20-box-python-sdk-new-gen-released.md → ...0-box-python-sdk-new-gen-released copy.md
@@ -13,6 +13,8 @@ collapse: true
 
 We are excited to introduce [Box Python SDK][1], designed to elevate the developer experience and streamline your integration with the Box Content Cloud.
 
+<!-- more -->
+
 With the [new generation of Python SDK][1], you'll have access to:
 
 * **Full API Support**: The new generation of Box SDKs empowers developers with complete coverage of the Box API ecosystem. You can now access all the latest features and functionalities offered by Box, allowing you to build even more sophisticated and feature-rich applications.

diff --git a/content/2024/05-23-pdf-js-vulnerability.md b/content/2024/05-23-pdf-js-vulnerability.md
@@ -0,0 +1,28 @@
+---
+applied_at: '2024-06-18'
+applies_to:
+  - sdks
+is_impactful: true
+is_new_feature: false
+release_source_url: ''
+collapse: true
+---
+
+# `PDF.js` vulnerability affecting Box Preview SDK
+
+A `CVE-2024-4367` vulnerability has been identified in the `PDF.js` library used by [Box Preview SDK][1]. 
+The vulnerability exposes a gap in the `PDF.js` type, checking code that allows for arbitrary JavaScript to run when opened in Preview.
+
+<!-- more -->
+
+Since this vulnerability existed in all versions of `PDF.js` that were lower or equal to `4.1.392`, it affects all versions of Preview SDK lower than `2.106.0`.
+To mitigate this vulnerability, upgrade the Preview SDK used in your apps to `2.106.0` or higher.
+
+All customers and application owners who are potentially affected have been notified directly via email.
+
+## Where to get support
+
+Should you have any issues or need further guidance, please post a request to our [developer forum][2] for any help needed.
+
+[1]: https://github.com/box/box-content-preview/blob/master/README.md
+[2]: https://forum.box.com/