Blog Post

Release Notes
4 MIN READ

Khoros Community Classic 23.10 Release

BhuvanaM's avatar
BhuvanaM
Khoros Alumni (Retired)
2 years ago

Enhancements

Consent for Embedding and Viewing YouTube and Vimeo Videos 

To be further compliant with data privacy regulations, including GDPR, we've introduced an enhancement when uploading and viewing YouTube and Vimeo videos. 

With this enhancement, interested customers can request their community members' explicit consent to use and store third-party cookies (from YouTube and Vimeo) to create and view posts containing YouTube/Vimeo videos. Once consent is given, preferences are stored for six months, eliminating repetitive consent requests. This consent applies to both YouTube and Vimeo, and the banner text is customizable for added flexibility.

Note: Contact support to enable this feature in your community. 

Here’s how the consent form looks while uploading a YouTube or Vimeo video:

And here’s how the consent form looks when you want to watch a YouTube or Vimeo video:

Learn more about uploading videos to your community. 

Learn more about Khoros cookies in our Khoros Cookies Data Sheet.

Developer Docs

The device_id field in the messages LiQL group has been changed to require the administrator role in order to meet the standards and requirements outlined in GDPR. While a device ID is not considered Personal Identifiable Information it is considered to be Personal Data under GDPR because it relates to an identified or identifiable person. Following this change in 23.10, the device_id field will only return data when the account has the administrator role.

Aurora Release Updates

Curious about what's happening with Community Aurora releases? Check out and subscribe to the Aurora Release Notes area to see all the progress and new features being released each month.

You Found it! We Fixed it!

General fix

  • Previously, after indexing, it was found that content was not displayed in spam, archives, and drafts. This issue is now fixed. 

  • The issue where Admins never received a complete CSV export of User Reports (Admin > Metrics > User Reports) in their Private Message is fixed. Now, after the User Report is exported, the CSV file is automatically sent to the Admin’s inbox in Private Message

  • After the recent EXIF data feature implementation, it was found that vertical images in Contest boards were rotated 90 degrees when a “Complete EXIF” is stripped. This issue is fixed. Now, vertical images successfully upload in Context boards on communities with EXIF data feature enabled.

  • Previously, members with the Basic HTML permissions set to “Grant”  and the Embed third party content permission set to “Deny” could send private messages to other members that included an HTML tag with external content source. This issue is now fixed and the members receive an error message.

  • Previously, members were not able to upload, attach, or download .ioc files in their post. This issue is now fixed. 
      
  • Previously, attackers could pass a member's user ID in the URL to Leave a Group Hub and remove the member from the Group Hub. This issue is now fixed. Instead of trusting the User ID in the URL request, we now validate it against the logged-in member’s User ID.
     
  • The issue when an admin runs a user sync using rest api connection is fixed. Now, an admin can run a user sync using REST salesforce API instead of REST API connection.

  • Previously, when an anonymous user made a LiQL query, the personal data like the device ID were exposed. This issue is now fixed. Now, when an anonymous user makes a LiQL query, the device ID is hidden.

  • The issue where a request to get an asset image failed as it did not exist in the cloud object storage is fixed. The fix is to handle the request and re-try uploading the asset from LIA (Khoros Classic Community) instead of going through the image service. 

  • Previously, when members tried to attach .har files to a draft in the community, the file failed to upload and an error message was displayed that the .har content type does not match its file extension and the file has been removed. This issue is fixed. Now, members can successfully attach .har files while creating a new post or replying to a post in the community. 

  • Previously, when the config related to “dynamic subject for replies” was enabled and members tried to move replies or inline replies of a discussion to another location, the subjects associated with the moved replies did not appear in the new location. This issue is fixed. Now, the replies that are moved to the new location include their subjects.

  • The issue where community admins were unable to migrate attachments and convert them to inline images by initiating image attachment migration process is fixed.

  • The issue where members failed to update custom settings via API V2 call for the community versions v22.11 or later is fixed. 

  • Previously, attackers with social engineering techniques could use a malformed analytics survey URL to display custom messages and impersonate official community content. This issue is fixed. Now, the URL is validated and an error message is displayed if it contains invalid parameters. 

  • The issue where members did not receive email notifications from the community when the Use Community Slack App permission was set to Grant by default is fixed. 

  • Previously, when members enabled Receive email notifications for new private messages in the My Settings page and admin turned off the same option in the Profile Defaults, members were not receiving the email notifications for new private messages. This issue is fixed. Now, members receive email notifications even if the admins turn off the Receive email notifications for new private messages option in the Profile Defaults

  • The issue where the LithiumSSOClient for .NET and Java used a lower version of BouncyCastle library which had some vulnerabilities is fixed. Now, the library is upgraded to the latest stable version. 

Accessibility fix

The issue where the screen reader did not focus the table present under the pop up in the private message while performing keyboard navigation is fixed. 

Updated 6 months ago
Version 7.0
  • VedanthY's avatar
    VedanthY
    Khoros Alumni (Retired)

    Hi all, 

    All the communities (stage and prod) are being upgraded to the latest app revision. The issue has been fixed in the latest app revision. 

    Based on the scheduled maintenance window for the production environments, the latest app revision will be deployed in that period.

    Post the maintenance window, you can see the fix for this issue. 

    CarolineS  As per your request, your community instance is paused for 23.10 deployment. However, if you want to go ahead with the deployment, the issue will be fixed in your environment. 

    Please let me know if you have any queries.  

     

  • Hi all,

     

    can anyone help me how i can send private messages to other members that included an HTML tag with external content source. What does external content mean?

    Thanks in advance. 

  • yogeshdixit This fix was for users who could send such private messages whose permission was set to deny Embed third-party content.

    However, if your permission is set to enable, you should be able to send private messages to other members that include an HTML tag with the external content source. 

    HTML tags with external content sources are elements used to incorporate content from external locations into a web page.

    I hope this helps!