Default Legal Hub - Security Enhancement
Product Area:
Legal Hub
Impact of Change:
Security Improvement
Roles Impacted:
Admins, All customers using Legal Hub functionality
Description:
We've enhanced the security of our Legal Hub functionality by introducing a feature flag to control access to the default "/legal" links!
What's changing?
Previously, the default Legal Hub available at yourdomain.com/legal:
- Was always accessible, even if not explicitly made public
- Could not be disabled, unlike other Legal Hubs
- Was automatically linked to all agreements in the Legal Hub repository
This created a potential security concern where anyone who knew the URL could access all linked agreements, regardless of intended visibility settings.
Our solution:
We've implemented a feature flag that allows us to disable direct access to the default "/legal" link. When enabled:
- The "/legal" link will redirect users to a customer-specified default Legal Hub
- Agreements that were only hosted on the default "/legal" link will no longer be accessible by using the link "/legal/[agreement-name]"
- Users will only be able to access agreements hosted on public, active Legal Hubs
Why this matters:
This enhancement gives you greater control over your legal document visibility and improves compliance by ensuring only properly published agreements are accessible to the public.
How to Enable:
This is a controlled feature flag that our team can enable upon request. Please reach out to our customer success representative to get this functionality enabled.
Help center article:
Linking an agreement to Legal Hub
Note: After the flag is enabled, please switch the home page for the Legal Hub (you can select any hub and then select your previous hub as the home page again). This is needed to clear the cache.