This update focuses on enhancing system security, optimizing features, and fixing several known issues. We continue our commitment to improving system stability and user experience to provide you with a more reliable service.
Release Date: 2025.10.15
Module Versions:
Single Sign-On (SSO) Toggle API
Stellar Admin can now enable or disable the SSO feature via an API, giving you more flexibility in managing login methods.
Portal Custom Logo (Favicon) Function
You can now set a custom browser tab icon (Favicon) for your Portal site, ensuring a more consistent brand image.
AI Assistant Feature Migration
The AI Assistant feature has been successfully migrated from the legacy Galaxy platform to Stellar. The OpenAI API Key is now centrally managed by Stellar.
CSV Checker Implemented in Frontend Validation
The CSV Checker has been integrated into the frontend of the data upload process. This provides real-time data format validation and displays clear error messages, reducing upload failure rates.
Password Strength Indication During Registration
Fixed an issue where password strength rules did not provide clear feedback during new account registration. This has been corrected to offer clearer validation guidance.
This update focuses on fixing multiple system security vulnerabilities discovered by the ZAP security scanning tool, ensuring your data and system are well-protected.
Fixed SQL Injection Vulnerabilities (Security)
Resolved several SQL Injection vulnerabilities found in multiple backend APIs. System security has been significantly enhanced through parameterized queries and strict input validation.
Fixed Path Traversal Vulnerabilities (Security)
Addressed Path Traversal vulnerabilities in the backend API. We have implemented strict filename sanitization and path normalization mechanisms to prevent attackers from accessing sensitive system files.
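One way to combine filename sanitization with path normalization, shown as an added example that is not Stellar's own code. Python, the base directory, the filename allowlist and all function names are assumptions, and the sample inputs are constructed.

```python
import os
import re
import tempfile
from pathlib import Path

# Assumed allowlist: one path component, starts with a letter or digit,
# so separators, "..", and dotfiles such as ".git" never match.
_SAFE_NAME = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{0,127}")

class UnsafePath(ValueError):
    """Raised when a requested name must not be served."""

def sanitize_filename(name: str) -> str:
    """Accept a single allowlisted path component; reject everything else."""
    # fullmatch (not match with '$') so a trailing newline is rejected too.
    if not _SAFE_NAME.fullmatch(name):
        raise UnsafePath("filename outside allowlist")
    return name

def resolve_under(base: Path, name: str) -> Path:
    """Normalize base/name and confirm the result is still inside base."""
    base_real = base.resolve(strict=True)
    candidate = (base_real / sanitize_filename(name)).resolve()
    # resolve() follows symlinks, so a link pointing outside base is caught.
    if not candidate.is_relative_to(base_real):
        raise UnsafePath("path escapes base directory")
    return candidate

def check(base: Path, name: str) -> str:
    """Return 'allow' or 'deny' for a requested filename."""
    try:
        resolve_under(base, name)
        return "allow"
    except UnsafePath:
        return "deny"

def demo() -> dict:
    """Run constructed sample inputs against a temporary base directory."""
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp) / "uploads"
        base.mkdir()
        (base / "report.csv").write_text("a,b\n1,2\n")
        os.symlink("/etc", base / "link")  # constructed: symlink leaving base
        samples = ["report.csv", "../secret.txt", "/etc/passwd",
                   "..\\win.ini", ".git", "link", "a/../../b"]
        return {s: check(base, s) for s in samples}

if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{verdict:5}  {name!r}")
```

The containment check after `resolve()` is what stops the symlink case, which the allowlist alone would let through.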
Enhanced Content Security Policy (CSP) & Anti-clickjacking (Security)
Added the previously missing CSP and anti-clickjacking security headers to strengthen protection against XSS and clickjacking attacks.
Fixed Hidden File Access Issue (Security)
Resolved an issue where improper web server configuration allowed external access to hidden files (such as version control directories). The fix prevents sensitive information leakage.
Fixed Division Operation Decimal Point Issue
Solved a problem where the result of integer division did not include decimal places when creating custom variables, ensuring the accuracy of calculations.