04/03/17

Security Patch to User Management Hosted Pages

We have proactively addressed a potential security vulnerability in our User Management Hosted Pages. As of April 3, Sailthru prevents Zephyr code from being passed to a hosted page through the link’s query parameters.

Although no clients are currently using this ability, it was flagged as potential vulnerability for revealing more information than intended. We took steps to prevent this specific usage. Even though Zephyr brackets will be removed from parameter values, your user management pages will continue to be able to pass in other information in their query parameters, such as the user’s ‘source’ for reporting. As such, no updates are required are no experience changes are expected.

Top