Security improvements

Security improvements

Security continues to be an increasingly important aspect of delivering SaaS services, and we consider it our responsibility to maintain a strong security posture. Based on recent research and internal activities, we have further strengthened our security through the following changes:

• Enforced HTTPS: our servers already required HTTPS and automatically redirected HTTP traffic. With the addition of a new security header, browsers are now explicitly instructed to only communicate via HTTPS.
• Trusted content only: a Content Security Policy (CSP) header has been added. This ensures that browsers only load trusted content (like documents, scripts, styles, images, and API resources) greatly reducing the risk of malicious injections.
• Cleanup of unused cookies: an unused cookie related to sticky sessions was identified. The server configuration has been updated to remove this cookie automatically.

These improvements take effect immediately, and we will closely monitor their impact.

‍Embedding blocked

As an additional security measure, embedding SelfGuide as an application is now blocked. While embedding was useful in the past, it introduces risks such as clickjacking and credential theft.

Any location where SelfGuide is currently embedded will stop working and must be updated to use the dedicated embed functionality for instructions.

SelfGuide Recorder update required

In November 2025, a new version of the SelfGuide Recorder was released, featuring functional improvements, a framework upgrade, and several vulnerability fixes.
Starting with this release, the latest version becomes mandatory and older versions can no longer be used.

Editors who are not yet on the latest version will be notified and must upgrade before continuing.

Bug Fixes

The following issues have been resolved:

• Recent changes caused reduced performance in course functionality, especially related to course progress. This affected opening courses with existing progress, starting a course, and completing an instruction, section or module.
• The context menu for a chapter in the User Guide editor did not work when a subchapter was selected.
• Opening a course from an LMS while an expired SelfGuide token was present resulted in an error.
• Exporting a content pack containing a User Guide caused an error.
• The unsaved-changes warning only worked for the initial save, not for subsequent edits.