From 3ac57ff2ee635b167e7af13fc5f601d679bee0b1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Barbara=20Czy=C5=BC?=
Date: Tue, 18 Jun 2024 18:51:04 +0200
Subject: [PATCH] DDOC-1969: add changelog entry for PDF.js vulnerability (#379)
* DDOC-1969: add changelog entry for PDF.js vulnerability
* Change date
---
.../05-20-box-node-sdk-new-gen-released.md | 2 ++
...0-box-python-sdk-new-gen-released copy.md} | 2 ++
content/2024/05-23-pdf-js-vulnerability.md | 28 +++++++++++++++++++
3 files changed, 32 insertions(+)
rename content/2024/{05-20-box-python-sdk-new-gen-released.md => 05-20-box-python-sdk-new-gen-released copy.md} (99%)
create mode 100644 content/2024/05-23-pdf-js-vulnerability.md
diff --git a/content/2024/05-20-box-node-sdk-new-gen-released.md b/content/2024/05-20-box-node-sdk-new-gen-released.md
index e08297e4..5a3c0a72 100644
--- a/content/2024/05-20-box-node-sdk-new-gen-released.md
+++ b/content/2024/05-20-box-node-sdk-new-gen-released.md
@@ -13,6 +13,8 @@ collapse: true We are excited to introduce [Box TypeScript SDK][1], designed to elevate the developer experience and streamline your integration with the Box Content Cloud. + + With the [new generation of Typescript SDK][1], you’ll have access to: * **Full API Support**: The new generation of Box SDKs empowers developers with complete coverage of the Box API ecosystem. You can now access all the latest features and functionalities offered by Box, allowing you to build even more sophisticated and feature-rich applications.
diff --git a/content/2024/05-20-box-python-sdk-new-gen-released.md b/content/2024/05-20-box-python-sdk-new-gen-released copy.md
similarity index 99%
rename from content/2024/05-20-box-python-sdk-new-gen-released.md
rename to content/2024/05-20-box-python-sdk-new-gen-released copy.md
index d6068228..94f8bada 100644
--- a/content/2024/05-20-box-python-sdk-new-gen-released.md
+++ b/content/2024/05-20-box-python-sdk-new-gen-released copy.md
@@ -13,6 +13,8 @@ collapse: true We are excited to introduce [Box Python SDK][1], designed to elevate the developer experience and streamline your integration with the Box Content Cloud. + + With the [new generation of Python SDK][1], you'll have access to: * **Full API Support**: The new generation of Box SDKs empowers developers with complete coverage of the Box API ecosystem. You can now access all the latest features and functionalities offered by Box, allowing you to build even more sophisticated and feature-rich applications.
diff --git a/content/2024/05-23-pdf-js-vulnerability.md b/content/2024/05-23-pdf-js-vulnerability.md
new file mode 100644
index 00000000..1b94c20d
--- /dev/null
+++ b/content/2024/05-23-pdf-js-vulnerability.md
@@ -0,0 +1,28 @@
+---
+applied_at: '2024-06-18'
+applies_to:
+ - sdks
+is_impactful: true
+is_new_feature: false
+release_source_url: ''
+collapse: true
+---
+
+# `PDF.js` vulnerability affecting Box Preview SDK
+
+A `CVE-2024-4367` vulnerability has been identified in the `PDF.js` library used by [Box Preview SDK][1].
+The vulnerability exposes a gap in the `PDF.js` type, checking code that allows for arbitrary JavaScript to run when opened in Preview.
+
+
+
+Since this vulnerability existed in all versions of `PDF.js` that were lower or equal to `4.1.392`, it affects all versions of Preview SDK lower than `2.106.0`.
+To mitigate this vulnerability, upgrade the Preview SDK used in your apps to `2.106.0` or higher.
+
+All customers and application owners who are potentially affected have been notified directly via email.
+
+## Where to get support
+
+Should you have any issues or need further guidance, please post a request to our [developer forum][2] for any help needed.
+
+[1]: https://github.com/box/box-content-preview/blob/master/README.md
+[2]: https://forum.box.com/
\ No newline at end of file