Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

DDOC-1969: add changelog entry for PDF.js vulnerability #379

Merged
merged 2 commits into from
Jun 18, 2024
Merged

DDOC-1969: add changelog entry for PDF.js vulnerability #379

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
1e671bd
DDOC-1969: add changelog entry for PDF.js vulnerability
bszwarc May 23, 2024
22710fa
Change date
bszwarc Jun 18, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 2 additions & 0 deletions content/2024/05-20-box-node-sdk-new-gen-released.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -13,6 +13,8 @@ collapse: true

We are excited to introduce [Box TypeScript SDK][1], designed to elevate the developer experience and streamline your integration with the Box Content Cloud.

<!-- more -->

With the [new generation of Typescript SDK][1], you’ll have access to:

* **Full API Support**: The new generation of Box SDKs empowers developers with complete coverage of the Box API ecosystem. You can now access all the latest features and functionalities offered by Box, allowing you to build even more sophisticated and feature-rich applications.
Expand Down
2 changes: 2 additions & 0 deletions .../05-20-box-python-sdk-new-gen-released.md → ...0-box-python-sdk-new-gen-released copy.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -13,6 +13,8 @@ collapse: true

We are excited to introduce [Box Python SDK][1], designed to elevate the developer experience and streamline your integration with the Box Content Cloud.

<!-- more -->

With the [new generation of Python SDK][1], you'll have access to:

* **Full API Support**: The new generation of Box SDKs empowers developers with complete coverage of the Box API ecosystem. You can now access all the latest features and functionalities offered by Box, allowing you to build even more sophisticated and feature-rich applications.
Expand Down
28 changes: 28 additions & 0 deletions content/2024/05-23-pdf-js-vulnerability.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,28 @@
---
applied_at: '2024-06-18'
applies_to:
- sdks
is_impactful: true
is_new_feature: false
release_source_url: ''
collapse: true
---

# `PDF.js` vulnerability affecting Box Preview SDK

A `CVE-2024-4367` vulnerability has been identified in the `PDF.js` library used by [Box Preview SDK][1].
The vulnerability exposes a gap in the `PDF.js` type, checking code that allows for arbitrary JavaScript to run when opened in Preview.

<!-- more -->

Since this vulnerability existed in all versions of `PDF.js` that were lower or equal to `4.1.392`, it affects all versions of Preview SDK lower than `2.106.0`.
To mitigate this vulnerability, upgrade the Preview SDK used in your apps to `2.106.0` or higher.

All customers and application owners who are potentially affected have been notified directly via email.

## Where to get support

Should you have any issues or need further guidance, please post a request to our [developer forum][2] for any help needed.

[1]: https://github.com/box/box-content-preview/blob/master/README.md
[2]: https://forum.box.com/
Loading