| Info |
|---|
Preview |
CoreOne Admin User Interface
...
The performance of the password policy check upon authentication has been improved.
If the
client_idof a client was changed, this lead to a white consent page in the Self-Service Portal. This bug has been resolved.There are new settings that allow you to control the cleanup behavior of the TOTPs and the persisted grants such as authorization tokens
CoreOne Self-Service Portal
Expired or deleted records like representations or delegations are hidden from the UI after 10 days. You can change this default value in the settings.
The current active menu has been highlighted more clearly
The current user is selected as the default recipient of a order in the shop
Various penetration tests have been conducted on the Self-Service portals and some minor issues have been found. They all have been fixed and it’s advised to update.
PKCE was added to the SwissId federation
Company activation was prone for XSS attacks
Breaking change: The Content-Security-Policy has been configured more strict. Especially
frame-ancestors 'none'has been added to the CSP header andX-Frame-Options: DENYhave been added to the CSP headers. If you have embedded the portal into another page, this will no longer work.Strict-Transport-Security: max-agehas been increades increased from2592000to31536000
CoreOne Workflow Engine
...