Preview
CoreOne Authentication Service
The performance of the password policy check upon authentication has been improved.
CoreOne Self-Service Portal
Expired or deleted records like representations or delegations are hidden from the UI after 10 days. You can change this default value in the settings.
The current active menu has been highlighted more clearly
Various penetration tests have been conducted on the Self-Service portals and some minor issues have been found. They all have been fixed and it’s advised to update.
PKCE was added to the SwissId federation
Company activation was prone for XSS attacks
Breaking change:
frame-ancestors 'none'
has been added to the CSP header andX-Frame-Options: DENY
to the headers. If you have embedded the portal into another page, this will no longer work.Strict-Transport-Security: max-age
has been increades from2592000
to31536000
CoreOne Workflow Engine
Multiline support for acknowledge interaction has been added.