Security Changelog - Hyvä Enterprise
This page documents security-relevant vulnerability fixes for all Hyvä Enterprise products.
B2B Theme [1.0.3] - 2025-02-07
Frontend UI Issue in Company Structure Tree
The company structure tree allowed users without proper permissions to initiate a drag/reorder action in the frontend UI. However, server-side validation correctly rejected the action and displayed an access denied error to the user. This was a frontend UX issue where the UI should have prevented the action from being initiated.
- Impact: User Experience (Frontend-Only)
- Severity: Low
- Affected versions: >= 1.0.0, < 1.0.3
- Note: Server-side authorization was functioning correctly. This fix improves UX by preventing the action from being available in the frontend for unauthorized users. No actual data was at risk.