Release 8.1.11 - Pilatus

CoreOne Admin User Interface

  • The test connection action on the Exchange target system did not work properly in the past. The issue has been resolved.

CoreOne Authentication Services

  • The performance of the password policy check upon authentication has been improved.

  • If the client_id of a client was changed, this lead to a white consent page in the Self-Service Portal. This bug has been resolved.

  • There are new settings that allow you to control the cleanup behavior of the TOTPs and the persisted grants such as authorization tokens

CoreOne Self-Service Portal

  • Expired or deleted records like representations or delegations are hidden from the UI after 10 days. You can change this default value in the settings.

  • The current active menu has been highlighted more clearly

  • The current user is selected as the default recipient of a order in the shop

  • Various penetration tests have been conducted on the Self-Service portals and some minor issues have been found. They all have been fixed and it’s advised to update.

    • PKCE was added to the SwissId federation

    • Company activation was prone for XSS attacks

    • Breaking change: The Content-Security-Policy has been configured more strict. Especially frame-ancestors 'none' and X-Frame-Options: DENY have been added to the CSP headers. If you have embedded the portal into another page, this will no longer work.

    • Strict-Transport-Security: max-age has been increased from 2592000 to 31536000

CoreOne Workflow Engine

  • Multiline support for acknowledge interaction has been added.

 

© ITSENSE AG. Alle Rechte vorbehalten. ITSENSE und CoreOne sind eingetragene Marken der ITSENSE AG.