On Monday, March 6th, we began releasing a new cloud version of Developer Services Portal.
Bugs fixed
The following bugs are fixed in this release. This list is primarily for users checking to see
if their support tickets have been fixed. It's not designed to provide detailed information for
all users.
Issue ID
Description
DEVSOL-2401
Update contrib modules to pick up Views security fix
The following contrib modules were updated to latest stable:
Captcha
LDAP
Media
Views (security update)
Views Bulk Operations
Views Slideshow
The following theme was updated to latest stable:
Bootstrap
DEVSOL-2386
Enable iframes in Media Browser window
In cloud release
17.02.21.00, the X-Frame-Options header was set to DENY for all pages
(out-of-the-box, Drupal defaults to SAMEORIGIN for this header). While this
resulted in hardening the security of the Drupal product as a whole, it also broke some
functionality, most notably the Media Browser which allows embedding of media from the
media library in rich-text edit fields. The X-Frame-Options header is now
reverted to SAMEORIGIN. Those requiring this header's value to be
DENY should consider installing and configuring the Security Kit and Security Kit Override
modules.
DEVSOL-2384
Analytics is not working: Highcharts is not defined
A bug was fixed in which the JavaScript assets of the Highcharts graphing library may not
have been included correctly for sites which serve aggregated JavaScript. This would have
affected the developer app performance pages.
Additionally, if serving Highcharts assets via a CDN is undesirable, there is a new
configuration option which allows customers who have uploaded a copy of Highcharts to
/sites/all/libraries to serve those assets locally instead.