Summary & Highlights

Welcome to Linchpin Intranet Suite 5.0!

The Linchpin Intranet Suite 5.0 release contains new features, improvements and a number of bugfixes. We also address potential security vulnerabilities.

We prepared a short summary of the most important changes, so you can keep track of them. To learn more about a specific topic, simply use the navigation to jump to that part of the release notes.

First of all, because it concerns the Suite itself: We updated the demo content. Also: We ensured the compatibility with Confluence 7.12 with this release.

Linchpin User Profiles introduces a new profile field type: date input. Choose if a date is displayed with or without a year. Also, this field type can be used for filtering now!

Furthermore, we introduce a new macro: the "Structural Chart" macro! And since we're already talking about structural charts: you can map text input fields to structural chart's nodes now!

The Microblog and Linchpin Events receive performance upgrades and some bugfixes.

In Linchpin Enterprise News, a new role has been added to the news approval workflow: authors. Authors can edit scheduled news.

The mobile app received some love, too. We improved the stability of the admin area and gave it a new front-end. Also, administrators can now decide how long a QR login code is valid for.

And last, but not least: You can add additional filters to the navigation menus with the help of space categories!

Suite

Improvements

• We updated the demo content.
• We made the Linchpin Intranet Suite compatible with Confluence 7.12.

Translations

Improvements

• We ensured compatibility with Confluence 7.12.

Collapsible Admin Menu

Improvements

• We ensured compatibility with Confluence 7.12.

User Profiles

The user profiles received an upgrade for the "date input" field - the data can be used for filtering/personalization now. Also, it's possible to leave out the year now. Furthermore, the "Structure Chart" is available as a macro now, too.

New features

• We added a new field type for dates - with or without year. Use it for birthdays or anniversaries! 
  More information: https://seibert.biz/userprofilesdatefield
• People directory: The tile layout shows the profile header sub-line for each user now. And the new table layout is completely configurable.
  More information: https://seibert.biz/peopledirectory
• Use the new "Structural Chart" macro to display any part of your company's structure (for example: all departments and their members).
  More information: https://seibert.biz/structuralcharts

Improvements

• We improved the performance of the people directory and org/structure charts.
• In the profile editor, we show where field content is coming from now.
• You can use text input fields to map users to structural chart nodes now.
• We are happy to announce compatibility with Confluence 7.12.

Bugfixes

• We fixed issues in the user data update for select fields.
• The avatar image is updated reliably after uploading a profile image in Confluence 7.11 and above now.

Microblogging for Confluence

The Microblog received some bugfixes and performance improvements.

Improvements

• We reduced the size of the web resources delivered by the Microblog. This fix might reduce loading times.
• We're happy to announce Confluence 7.12 compatibility.

Bugfixes

• We addressed an issue that sometimes caused the user mention autocomplete to break in IE11.
• New topics automatically created by the "Microblog Placeholder" macro are handled as if they were created manually now.
• We improved the handling of shared pages and events in Microblog mails (e.g. notifications or the daily digest).
• We fixed a display bug which affected the "space or topic" filter within the Microblog portal.

Navigation & Theming

Space categories can be used as filters for menu items, now. Furthermore, we resolved a bug which would mess up the order of landing spaces.

Improvements

• The filtering of menu items has been extended by space categories.
• Linchpin Theme is now compatible with Confluence 7.12

Bugfixes

• We changed the sorting of landing spaces in the database query to prevent reordering of said landing spaces on system restart.

News

We added a new role to the news approval workflow.

New features

• We added a new workflow role - "author". Authors can edit news that are scheduled for publication or approval.
  More information: https://seibert.biz/lenauthors

Improvements

• We are happy to announce that Linchpin Enterprise News is compatible with Confluence 7.12 now.

Events

Events received some bugfixes and performance improvements. Also, we fixed potential security vulnerabilities.

Security

• We fixed three potential security vulnerabilities which could be used to retrieve the participant list of an event, although access was not allowed.

Improvements

• Resources required for event components have been optimized, so that content can (and will) be displayed more quickly to the user now.
• Events are compatible with Confluence 7.12 now.

Bugfixes

• We fixed an issue in which an event was still displayed despite deleting the location information when filtering by location in the Event hub.
• We fixed an issue which caused some text labels not to be accessible to screen readers when creating an event.

Launchpad

Just like the rest of the Suite, Launchpad is compatible with Confluence 7.12 now.

Improvements

• We are happy to announce Launchpad's compatibility with Confluence 7.12.

Bugfixes

• We fixed issues concerning Confluence search requests in certain Java versions.

Mobile

Login codes can be made valid for a longer time, now. Also, we improved the performance and stability of the administration area.

New features

• Configurable login code validity: Confluence administrators can define how long QR codes are valid for login via the Linchpin Mobile Gateway now. The default duration is 24 hours, but administrators can generate login codes for other users with different validity. For detailed information see https://seibert.biz/linchpinmobileconnectionsettingsdoc.

Improvements

• The administration area of Linchpin Mobile was moved to a new front-end technology to improve stability and performance.

Complete changelog

Here is a complete overview of all the changes, features, improvements and bugfixes we are releasing now with our Linchpin Intranet Suite 5.0.

Security

• We fixed three potential security vulnerabilities which could be used to retrieve the participant list of an event, although access was not allowed.
• 5.0.1 We fixed an XSS vulnerability which could only be potentially exploited by admins or news magazine editors.
  More info: https://seibert.biz/kbsecuritynotice21-05-magazine
• 5.0.2 We fixed an XSS vulnerability which allowed for potential code execution within the app's admin view.
  More info: https://seibert.biz/20210901cvelilaxss
• 5.0.2 We fixed a BAC vulnerability which potentially allowed for unauthorized users to create, modify or delete app categories and app labels.
  More info: https://seibert.biz/20210901cvelilabac
• 5.0.2 We fixed a CSRF vulnerability which potentially allowed to create, modify or delete apps.
  More info: https://seibert.biz/20210901cvelilacsrf
• 5.0.2 We fixed a vulnerability which made it potentially possible to accept or decline Terms of Use for another user by luring them to a prepared website.
  More info: https://seibert.biz/20210901cvetofucsrf

• 5.0.2 We fixed a CSRF vulnerability which potentially allowed users with admin access to upload their own corrupted files.

• 5.0.2 We fixed a CSRF vulnerability which potentially allowed to lure the admin to a modified URL which would cause all users to have to re-do the onboarding.
  More info: https://seibert.biz/20210901cvesuitecsrf
• 5.0.2 We fixed an XSS vulnerability which potentially allowed to execute code in the news hub.
  More info: https://seibert.biz/20210901cvelenxss
  
• 5.0.2 We secured an API endpoint which would have allowed unauthorized users to subscribe to restricted spaces.
• 5.0.2 We fixed a potential vulnerability which would have allowed unauthorized users to potentially modify the sidebar configuration.
  More info: https://seibert.biz/20210901cveltpbac
• 5.0.2 We fixed an XSS vulnerability which potentially allowed unauhtorized users to execute code within the space directory.
  More info: https://seibert.biz/20210901cveltpxss
  
• 5.0.2 We fixed a CSRF vulnerability which potentially allowed users to modify the theme configuration and the menu settings by luring an admin to a modified URL.
  More info: https://seibert.biz/20210901cveltpcsrf

New features

• We added a new field type for dates - with or without year. Use it for birthdays or anniversaries!
  More information: https://seibert.biz/userprofilesdatefield
  
• People directory: The tile layout shows the profile header sub-line for each user now. And the new table layout is completely configurable.
  More information: https://seibert.biz/peopledirectory
• Use the new "Structure Chart" macro to display any part of your company's structure (for example: all departments and their members).
  More information: https://seibert.biz/structuralcharts
• We added a new workflow role - "author". Authors can edit news that are scheduled for publication or approval.
  More information: https://seibert.biz/lenauthors
  
• Configurable login code validity: Confluence administrators can define how long QR codes are valid for login via the Linchpin Mobile Gateway now. The default duration is 24 hours, but administrators can generate login codes for other users with different validity. For detailed information see https://seibert.biz/linchpinmobileconnectionsettingsdoc.
• 5.0.1 We introduced new icons for apps, child apps and macros in our new Linchpin branding!

Improvements

• We added compatibility with Confluence 7.12.
• We improved the performance of the people directory and org/structure charts.
• In the profile editor, we show where field content is coming from now.
• You can use text input fields to map users to structure chart nodes now.
• We updated the demo content.
• We reduced the size of the web resources delivered by the Microblog. This fix might reduce loading times.
• The filtering of menu items has been extended by space categories.
• Resources required for event components have been optimized, so that content can (and will) be displayed more quickly to the user now.
• The administration area of Linchpin Mobile was moved to a new front-end technology to improve stability and performance.
• 5.0.1 You can save empty terms of use now.
• 5.0.1 We increased the maximum number of configurable Linchpin Teaser colors from 10 to 15.
• 5.0.1 Titles within Pings can be translated using Linchpin Translate/the i18neditor now.
• 5.0.1 We improved the performance of the News Hub, the "Cover Stories" macro and news magazines.
• 5.0.1 We reduced the size of loaded data and improved the performance of the "News Feed" macro.
• 5.0.1 We noticeably reduced the size of our frontend resources, improving page load times.
• 5.0.1 We improved the support for teaser images in non-standard formats.
• 5.0.1 We improved the loading of data within the "Spaces by category" macro. It won't prevent the page from loading anymore.
• 5.0.1 We tweaked some cache settings to improve the performance of all news related features.
• 5.0.1 We tweaked some performance related things to make the UX of news elements smoother.
• 5.0.1 We improved the performance of the "Custom User List" macro.
• 5.0.1 We tweaked some cache related settings to improve the performance of user profiles syncs.
• 5.0.1 You can receive notifications when changes have been made to an event now.
• 5.0.2 Compatibility of the dialog for creating a new event with screen readers has been improved.

Bugfixes

• We fixed issues in the user data update for select fields.
• The avatar image is updated reliably after uploading a profile image in Confluence 7.11 and above now.
• We addressed an issue that sometimes caused the user mention autocomplete to break in IE11.
• New topics automatically created by the "Microblog Placeholder" macro are handled as if they were created manually now.
• We improved the handling of shared pages and events in Microblog mails (e.g. notifications or the daily digest).
• We fixed a display bug which affected the "space or topic" filter within the Microblog portal.
• We changed the sorting of landing spaces in the database query to prevent reordering of said landing spaces on system restart.
• We fixed an issue in which an event was still displayed despite deleting the location information when filtering by location in the Event hub.
• We fixed an issue which caused some text labels not to be accessible to screen readers when creating an event.
• We fixed issues concerning Confluence search requests in certain Java versions.
• 5.0.1 We fixed a bug which prevented a terms of use disclaimer to be saved in the language in which it was read and accepted.
• 5.0.1 We fixed a bug which prevented the display of empty paragraphs within term of use disclaimers.
• 5.0.1 We fixed an error which occurred within the theme configuration when no site logo was set.
• 5.0.1 We fixed a rare issue which prevented users from saving the theme configuration when a corrupted image was used as a logo.
• 5.0.1 We fixed a small optical error which appeared to non-admin menu editors when configuring the navigation menu.
• 5.0.1 We resolved a bug which hid certain editor elements from the user when Confluence 7.12 was used.
• 5.0.1 The resolved an issue which made the "Subscription for News" option within Linchpin Pings disappear.
• 5.0.1 We fixed unwanted behavior of manually set permissions when a news approval workflow was involved.
• 5.0.1 When using Confluence 7.12, you can use the "X" button to close diagram related macro overlays again.
• 5.0.1 We fixed a sorting issue within the "Custom User List" macro.
• 5.0.1 We fixed a bug which let an LDAP sync crash.
• 5.0.1 We fixed a display issue which showed empty text input fields with links.
• 5.0.1 We fixed a wording issue in an error message related to the people directory.
• 5.0.1 We fixed a bug which prevented profile fields from being rendered as clickable within the profile header.
• 5.0.1 We fixed a bug related to the autocomplete feature in events which sometimes led to events disappearing.
• 5.0.1 We fixed a bug which made it possible to export event participants' email addresses, even when email address export was disabled in Confluence.
• 5.0.1 We fixed a bug which led to error messages in the browser console when Linchpin Events was installed and Microblog wasn't.
• 5.0.1 We fixed a visual bug regarding the mouse cursor when hovering over link in the "Event" macro.
• 5.0.1 We fixed a bug which prevented users from deleting events using the "Event calendar" macro.
• 5.0.2 We fixed bugs regarding the daily digest and a missing resource.
• 5.0.2 Fixed an error in the validation of event dates and times.
• 5.0.2 Fixed an error that caused a success message to be displayed when adding additional people after reaching the maximum number of participants, but the participants were not actually signed in. An error message is now displayed instead.

Linchpin Intranet Suite 5.0.1

Version 5.0.1 of the Linchpin Intranet Suite is a patch release.

We improved the performance in many places and fixed some bugs. Also: We introduce a brand new branding for Linchpin. Now that we changed the logo, we felt that our app and macro icons deserved a fresh new start, too!

Security

• We fixed an XSS vulnerability which could only be potentially exploited by admins or news magazine editors.
  More info: https://seibert.biz/kbsecuritynotice21-05-magazine

New features

• We introduced new icons for apps, child apps and macros in our new Linchpin branding!

Improvements

• You can save empty terms of use now.
• We increased the maximum number of configurable Linchpin Teaser colors from 10 to 15.
• Titles within Pings can be translated using Linchpin Translate/the i18neditor now.
• We improved the performance of the News Hub, the "Cover Stories" macro and news magazines.
• We reduced the size of loaded data and improved the performance of the "News Feed" macro.
• We noticeably reduced the size of our frontend resources, improving page load times.
• We improved the support for teaser images in non-standard formats.
• We improved the loading of data within the "Spaces by category" macro. It won't prevent the page from loading anymore.
• We tweaked some cache settings to improve the performance of all news related features.
• We tweaked some performance related things to make the UX of news elements smoother.
• We improved the performance of the "Custom User List" macro.
• We tweaked some cache related settings to improve the performance of user profiles syncs.
• You can receive notifications when changes have been made to an event now.

Bugfixes

• We fixed a bug which prevented a terms of use disclaimer to be saved in the language in which it was read and accepted.
• We fixed a bug which prevented the display of empty paragraphs within term of use disclaimers.
• We fixed an error which occurred within the theme configuration when no site logo was set.
• We fixed a rare issue which prevented users from saving the theme configuration when a corrupted image was used as a logo.
• We fixed a small optical error which appeared to non-admin menu editors when configuring the navigation menu.
• We resolved a bug which hid certain editor elements from the user when Confluence 7.12 was used.
• The resolved an issue which made the "Subscription for News" option within Linchpin Pings disappear.
• We fixed unwanted behavior of manually set permissions when a news approval workflow was involved.
• When using Confluence 7.12, you can use the "X" button to close diagram related macro overlays again.
• We fixed a sorting issue within the "Custom User List" macro.
• We fixed a bug which let an LDAP sync crash.
• We fixed a display issue which showed empty text input fields with links.
• We fixed a wording issue in an error message related to the people directory.
• We fixed a bug which prevented profile fields from being rendered as clickable within the profile header.
• We fixed a bug related to the autocomplete feature in events which sometimes led to events disappearing.
• We fixed a bug which made it possible to export event participants' email addresses, even when email address export was disabled in Confluence.
• We fixed a bug which led to error messages in the browser console when Linchpin Events was installed and Microblog wasn't.
• We fixed a visual bug regarding the mouse cursor when hovering over link in the "Event" macro.
• We fixed a bug which prevented users from deleting events using the "Event calendar" macro.

Linchpin Intranet Suite 5.0.2

Version 5.0.2 of the Linchpin Intranet Suite is a security release.

Security

• We fixed an XSS vulnerability which allowed for potential code execution within the app's admin view.
  More info: https://seibert.biz/20210901cvelilaxss
• We fixed a BAC vulnerability which potentially allowed for unauthorized users to create, modify or delete app categories and app labels.
  More info: https://seibert.biz/20210901cvelilabac
• We fixed a CSRF vulnerability which potentially allowed to create, modify or delete apps.
  More info: https://seibert.biz/20210901cvelilacsrf
• We fixed a vulnerability which made it potentially possible to accept or decline Terms of Use for another user by luring them to a prepared website.
  More info: https://seibert.biz/20210901cvetofucsrf

• We fixed a CSRF vulnerability which potentially allowed users with admin access to upload their own corrupted files.

• We fixed a CSRF vulnerability which potentially allowed to lure the admin to a modified URL which would cause all users to have to re-do the onboarding.
  More info: https://seibert.biz/20210901cvesuitecsrf
• We fixed an XSS vulnerability which potentially allowed to execute code in the news hub.
  More info: https://seibert.biz/20210901cvelenxss
  
• We secured an API endpoint which would have allowed unauthorized users to subscribe to restricted spaces.
• We fixed a potential vulnerability which would have allowed unauthorized users to potentially modify the sidebar configuration.
  More info: https://seibert.biz/20210901cveltpbac
• We fixed an XSS vulnerability which potentially allowed unauthorized users to execute code within the space directory.
  More info: https://seibert.biz/20210901cveltpxss
  
• We fixed a CSRF vulnerability which potentially allowed users to modify the theme configuration and the menu settings by luring an admin to a modified URL.
  More info: https://seibert.biz/20210901cveltpcsrf

Improvements

• Compatibility of the dialog for creating a new event with screen readers has been improved.

Bugfixes

• We fixed bugs regarding the daily digest and a missing resource.

• Fixed an error in the validation of event dates and times.

• Fixed an error that caused a success message to be displayed when adding additional people after reaching the maximum number of participants, but the participants were not actually signed in. An error message is now displayed instead.