# Release notes – 3.5.5

## Widget domain whitelist (security enhancement)

You can now restrict which domains are allowed to trigger widget post-message events (such as CSS loading and open/close actions), reducing the risk of CSS injection.

* *How it works:* Go to Bot Settings > Whitelist and add allowed domains. If no domains are configured, all domains remain allowed to avoid impacting existing setups.

## External API error handling improvements

You can now configure language-specific error messages when an external LLM API fails to return a response, improving user experience in multilingual bots.

* *How it works:* Define custom error messages per language in your external API configuration.

## Full conversation context for external API

External API calls now include the full conversation history instead of only the last message, resulting in more accurate and contextual responses.

## Removal of Journey page

The Journey page has been deprecated and removed, as it was no longer actively maintained or used.

## Bug fixes

* Action menu population: Fixed an issue where menus like “Test Widget” and “Export” were not always correctly populated.
* Webhook API key copy: Fixed a bug where copying the API key returned an incorrect value.
* Redirect test failures: Resolved a possible cause of failing tests when links performed redirects.

## What this means for you

This release does not require any immediate action. Existing widget integrations will continue to work as before unless you choose to configure the new whitelist.\
If you are using external APIs, you may want to review and configure language-specific error messages. Features like the removed Journey page will only impact users who previously relied on it.