...
CoreOne Admin User Interface
The test connection action on the Exchange target system did not work properly in the past. The issue has been resolved.
CoreOne Authentication Services
The performance of the password policy check upon authentication has been improved.
If the client_id of a client was changed, this led to a white consent page in the Self-Service Portal. This bug has been resolved.
There are new settings that allow you to control the cleanup behavior of the TOTPs and the persisted grants such as authorization tokens.
CoreOne Self-Service Portal
Expired or deleted records like representations or delegations are hidden from the UI after 10 days. You can change this default value in the settings.
The currently active menu has been highlighted more clearly.
The current user is selected as the default recipient of an order in the shop.
Various penetration tests have been conducted on the Self-Service portals and some minor issues have been found. They all have been fixed and it’s advised to update.
PKCE was added to the SwissId federation
Company activation was prone to XSS attacks
Breaking change: The Content-Security-Policy has been configured more strictly. In particular, frame-ancestors 'none' has been added to the CSP header, and the X-Frame-Options: DENY header has been added. If you have embedded the portal into another page, this will no longer work.
Strict-Transport-Security: max-age has been increased from 2592000 to 31536000.
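To confirm after the update that a portal response actually carries the hardened headers, a check along these lines can be run over captured response headers. This is an added example, not CoreOne code: the function names and both sample header sets are constructed, and only frame-ancestors 'none', X-Frame-Options: DENY and the max-age values come from the release note above.

```python
import re

def parse_csp(value):
    """Split one Content-Security-Policy value into {directive: [sources]}."""
    policy = {}
    for part in value.split(";"):
        tokens = part.split()
        if tokens:
            # Within one policy the first occurrence of a directive wins.
            policy.setdefault(tokens[0].lower(), tokens[1:])
    return policy

def hsts_max_age(value):
    """Return max-age in seconds from a Strict-Transport-Security value, or None."""
    m = re.search(r'(?:^|;)\s*max-age\s*=\s*"?(\d+)"?\s*(?:;|$)', value, re.I)
    return int(m.group(1)) if m else None

def check_headers(headers):
    """headers: list of (name, value) pairs. Returns findings; an empty list means OK."""
    by_name = {}
    for name, value in headers:
        by_name.setdefault(name.lower(), []).append(value)
    findings = []
    # If several CSP headers are sent, all are enforced, so one match is enough.
    csps = [parse_csp(v) for v in by_name.get("content-security-policy", [])]
    if not any([s.lower() for s in p.get("frame-ancestors", [])] == ["'none'"] for p in csps):
        findings.append("CSP lacks frame-ancestors 'none'")
    if [v.strip().upper() for v in by_name.get("x-frame-options", [])] != ["DENY"]:
        findings.append("X-Frame-Options is not exactly DENY")
    # Browsers honour only the first Strict-Transport-Security header.
    ages = [hsts_max_age(v) for v in by_name.get("strict-transport-security", [])]
    if not ages or ages[0] is None or ages[0] < 31536000:
        findings.append("HSTS max-age below 31536000")
    return findings

# Constructed sample responses (not captured from a real portal).
BEFORE_UPDATE = [
    ("Content-Security-Policy", "default-src 'self'"),
    ("Strict-Transport-Security", "max-age=2592000"),
]
AFTER_UPDATE = [
    ("Content-Security-Policy", "default-src 'self'; frame-ancestors 'none'"),
    ("X-Frame-Options", "DENY"),
    ("Strict-Transport-Security", "max-age=31536000"),
]

if __name__ == "__main__":
    for label, sample in (("before", BEFORE_UPDATE), ("after", AFTER_UPDATE)):
        print(label, check_headers(sample) or "OK")
```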
CoreOne Workflow Engine
...