Text editor security issue

A security issue affected text widgets on dashboards in Collibra Data Intelligence Cloud. The issue is fixed in version 5.7.5. The fix removes the following HTML tags and attributes from text widgets:

  • script
  • svg
  • frame
  • frameset
  • iframe
  • any event handler such as onclick

However, to complete the fix, you have to do the following after the upgrade to 5.7.5:

  1. Open the DGC service settings for editing:
  2. In the Security configuration section, set the Prevent advanced html features in text dashboard option to True.
  3. Click the green Save all button.

The following steps remove the listed tags from existing text widgets on dashboards:

  1. Sign in to Collibra.
  2. Open a dashboard that has a text widget.
  3. Copy the content of the text widget.
  4. Open the text widget for editing and save immediately.
    If there was a security issue in the text widget, original content may have been removed.
  5. Compare the widget content with the copied content and add the missing content again.
  6. Repeat these steps for all text widgets on all dashboards.
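
To see in advance which parts of a copied widget are likely to disappear on re-save (steps 3 to 5), the following added example scans copied widget HTML for the tags listed above and for `on*` attributes. It is not Collibra code and only approximates the product's filter; the names `WidgetAudit` and `audit_widget` and the sample content are constructed for illustration.

```python
from html.parser import HTMLParser

# Tags the page lists as removed from text widgets by the 5.7.5 fix.
BLOCKED_TAGS = {"script", "svg", "frame", "frameset", "iframe"}


class WidgetAudit(HTMLParser):
    """Record blocked tags and event-handler attributes with their line number."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []  # list of (line, kind, detail)

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases tag and attribute names, so <SVG ONLOAD=...> matches.
        line, _col = self.getpos()
        if tag in BLOCKED_TAGS:
            self.findings.append((line, "tag", tag))
        for name, _value in attrs:
            # Assumption: "event handler" means any attribute named on*.
            if name.startswith("on"):
                self.findings.append((line, "event-handler", f"{tag}[{name}]"))


def audit_widget(html):
    """Return findings for one widget's copied HTML content."""
    parser = WidgetAudit()
    parser.feed(html)
    parser.close()
    return parser.findings


# Constructed sample of content copied from a text widget (step 3).
SAMPLE = """<h2>Team links</h2>
<p onclick="track()">Quarterly report</p>
<iframe src="https://example.invalid/embed"></iframe>
<SVG onload="init()"><circle r="4"/></SVG>
<script>console.log('hi')</script>
<a href="/glossary">Glossary</a>"""

if __name__ == "__main__":
    for line, kind, detail in audit_widget(SAMPLE):
        print(f"line {line}: {kind}: {detail}")
```

An empty result means the scan found nothing from the list, so the widget content should compare equal after re-saving.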