Documentation Index

Fetch the complete documentation index at: https://docs.lobstersoftware.com/llms.txt

Use this file to discover all available pages before exploring further.

_data release 4.6.24

Prev Next

Release notes – Lobster Data 4.6.24

Release date: 2026-07-09

Bug fixes

LDP-7684

Increased security in the DataWizard OAuth2 endpoint. This closes a flexjson deserialization vulnerability.

LDP-7645

Added a configurable whitelist property for the OpenAPI viewer: hub.datawizard.api.viewer.whitelist. This property restricts which endpoints the viewer can fetch. It mitigates unauthenticated Server-Side Request Forgery (SSRF).

Improvements

LDP-7828

MessageService: Added further filtering of data received from peers. This prevents deserialization attacks at that level.

Security

LDP-7625

By default, LDP disables endpoints that expose API specifications, version details, host details, and stack traces: /dw/spi/oas, /_data/_inf, /dw/cloud. You can re-enable each endpoint individually using system properties. Contact support@lobster.de for access to these APIs.