Release notes - February 2024

Block Uncategorized Update

We now allow the option to toggle blocking Uncategorized sites for SmartPAC users separately from Extension users. This feature came from a customer request where students on Chromebooks should be blocked from accessing uncategorized sites, but not when using SmartPAC in computer labs under supervision. If you would like to enable this, contact our support team.

Bypass Fixes

Updates to the Securly extension address several notable bypass techniques.

  • Fixed a bypass where users could append #translate.google.com or ?translate.google.com to the end of URLs to bypass filtering. We corrected an exception for translate.google.com in the extension code to disable this.
  • Fixed a bypass where users could run JavaScript code in the form of a bookmarklet that created cookies on our domain that caused the server to reject any requests with a 4xx response due to the length and amount of the cookie header.
  • Fixed multiple bypasses that used site and category URL parameters in the bundled blocked.html file, which allowed for XSS attacks to interact with the extension directly. This allowed kids to bypass filtering by telling the extension it was set to not run in that environment.

Fixes

  • Fixed an issue where the block page would not load for a user even though the block event was logged.
  • Fixed an issue where the Filter and Aware dashboards would occasionally not load.
Was this article helpful?
11 out of 45 found this helpful
Have more questions?
Submit a request

Comments

0 comments

Article is closed for comments.

Articles in this section

See more