...
The performance of the password policy check upon authentication has been improved.
If the client_id of a client was changed, this led to a white consent page in the Self-Service Portal. This bug has been resolved.
CoreOne Self-Service Portal
Expired or deleted records like representations or delegations are hidden from the UI after 10 days. You can change this default value in the settings.
The currently active menu item is now highlighted more clearly.
The current user is selected as the default recipient of an order in the shop.
Various penetration tests have been conducted on the Self-Service portals and some minor issues have been found. They have all been fixed, and it's advised to update.
PKCE was added to the SwissId federation
Company activation was prone to XSS attacks.
Breaking change: The Content-Security-Policy has been configured more strictly. In particular, frame-ancestors 'none' has been added to the CSP header, and the X-Frame-Options: DENY header has been added as well. If you have embedded the portal into another page, this will no longer work.
Strict-Transport-Security: max-age has been increased from 2592000 to 31536000.
CoreOne Workflow Engine
...