#Changes since 1.36.27
- Add ZM_LOG_INJECT config parameter to disable unprivileged log injection through api.
- Check value of System:Edit permission and ZM_LOG_INJECT to disable ajax log injection.
- Use canEdit['System'] and value of new ZM_LOG_INJECT to disable attempting to inject javascript errors into zm logs
- The above 3 Fixes GHSA-cfcx-v52x-jh74
- Fix Monitor => monitor in zmwatch causing crash in zmwatch
- update storage modal to fix buttons not being in form. Also remove duplicate view field and make button action be save instead of Save. Fixes [#3605]
Full Changelog: 1.36.27...1.36.28