Release notes

What's new

• To sign requests for adding new entities or editing existing ones, we now use a secret string generated on the server, which has further improved the security of our application.
• We have improved the UX for selecting a group in the trading account add/edit form. Now only groups with similar configuration are displayed, which reduces the risk of incorrect configurations. Similar UX improvements have also been made to the Group add/edit form.

Bug fixes

• We have hidden the "Reports" section from the Main Menu if the user does not have permission to view these pages, so as not to show them the "Access denied" message.

Bug fixes

• Fixed the issue where it was impossible to save the Commission Profile changes in the group settings

Bug fixes

• Fixed "CSV injection" vulnerability in import-export feature
• Fixed "3rd party assets" vulnerability in the Dashboard iframe-widget
• Fixed missed /logout endpoint call if the user token has expired and/or cannot be renewed, to additionally notify the back-end that the user is no longer authorized