Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  • The performance of the password policy check upon authentication has been improved.

  • If the client_id of a client was changed, this lead to a white consent page in the Self-Service Portal. This bug has been resolved.

CoreOne Self-Service Portal

  • Expired or deleted records like representations or delegations are hidden from the UI after 10 days. You can change this default value in the settings.

  • The current active menu has been highlighted more clearly

  • The current user is selected as the default recipient of a order in the shop

  • Various penetration tests have been conducted on the Self-Service portals and some minor issues have been found. They all have been fixed and it’s advised to update.

    • PKCE was added to the SwissId federation

    • Company activation was prone for XSS attacks

    • Breaking change: The Content-Security-Policy has been configured more strict. Especially frame-ancestors 'none' has been added to the CSP header and X-Frame-Options: DENY have been added to the CSP headers. If you have embedded the portal into another page, this will no longer work.

    • Strict-Transport-Security: max-age has been increades increased from 2592000 to 31536000

CoreOne Workflow Engine

...