Bugs

In the current WYSIWYG Editor you can turn on permissions for both Team account and Reader Groups. In the Advanced WYSIWYG Editor you can no longer do this. If you enable permissions for Team Accounts and then try to enable for Reader Groups then Team Accounts Turns off and visa versa. This will completely break how we have our documents set up as our Team Account users need to see a document in it's entirety, and our Reader Groups need to see only the private notes that they need to see. Every single one of our documents the information is only in private notes, nothing is directly in an article. With Advanced WYSIWYG restricting which group can be enabled on a private note leave half of our workers not able to access the document the why they need to.

would you mind considering improving your captcha system which is a nightmare to use, too long, too painful !

Our team has two different Document 360 projects--one for users and clients, and one for internal employees. We have different SSO/authentication methods for each site, which are working fine. On the portal side, however, we have recently encountered a bug where we can only see one project or the other depending on how we log in (e.g. if we log in with email, we see the client project; if we log in with Google SSO, we see the internal project). We would like the portal login to be fixed so that regardless of how a team member signs in, they will be able to see all projects that they have portal access to. Another note: We have had the two separate SSOs enabled for a few months now, and the bug of not being able to see both projects in the portal has only appeared in the last few weeks.

For the knowlege base assistant, you need to expose the api_key to end users (see your javascript embedd code). With this key, the users or attackers can download all user information. Using this curl command… curl --request GET " https://apihub.document360.io/v2/teams " --header "api_token: <your token>" …the attacker got the following response of all document360 users: { "result": [ { "user_id": "<your id>", "first_name": "<first_name>", "last_name": "<last_name>", "email_id": "<email>", "profile_logo_url": "<profile_logo>", "portal_role": "<role>", "last_login_at": "<last_login>" }, ], "extension_data": null, "context": null, "success": true, "errors": [], "warnings": [], "information": [] }

Some of our content role permissions are closed before, ex: "Publish article". But I noticed that they become opened. The reason maybe is the new feature "Find and replace". Every content role setting on this new feature are opened, and it has a dependency on "Publish article". So every content role "Publish article" permission are opened.

Since we moved to using SSO we can no longer see the last time a given user logged in. In the screenshot attached it is showing my user account, I was logged in at the time of taking the screenshot but the team & security page shows last log in date as months ago. How can we tell who is and who is not actively using document360 when using SSO?

unmatched numbers: In this project, I should be able to query "never logged users" by number of 61, but I can't find any.