As part of fixing a security vulnerability FE-7163: Stored XSS in administrative linker functionality through the href parameter - CVE-2018-20240 (fixed in FishEye 4.7.0) we introduce the file <FISHEYE_HOME>/syntax/url.def to whitelist url definitions. As consequence, some non-http linkers without entry in that file, stopped working in Fisheye/Crucible v 4.7
Add more definitions as we encounter more use cases, such as a definition for advcrm
For advcrm add the following entry in the file <FISHEYE_HOME>/syntax/url.def
Thanks to that, all links with this scheme (and rest of the url will pass this regex check) will be rendered on UI.
- Switch off Fisheye/Crucible
- add new entry to the file (file location and entry above)
- launch Fisheye/Crucible
- All links should be rendered