19 May 2021 
Read Complete Annoucement
24 May 2021
Over the last few days, we have rolled out a couple of urgent updates to our platform to significantly enhance our security posture with respect to how installation parameters are used. First, we took steps to minimize the surface area of the impact. Next, we rolled out another update to how the Request Method on our platform can use secure installation parameters.
Our next planned update on this front is to start mandating that any domain that a Request Method makes a request to must be defined in the whitelisted-domains property of the app manifest. Our latest Freshworks CLI release v6.11.0 already enforces this.
Starting 4 June 2021, apps uploaded to the platform - either as a custom app or a public app - will be expected to whitelist any domain it wishes to make requests to via the Request Method. This change will currently not affect apps that were already deployed earlier than 4 June, and they will continue to work without a defined whitelist for now. We will share another update shortly for how your already deployed apps can comply with this requirement as well.