This section lists bugs that are resolved in this release.
Referenced PR ID | Description |
|---|
| INST-7486 | Security: Microsoft ASP.NET MS-DOS Device Name |
possible DoS attack vector (Port 80 & 443) |
| INST-8488 | Security: User activity auditing capability |
| INST-10841 | Compare view displays revisions incorrectly in full screen mode |
| INST-12117 | Security: Session Token in URL |
, found during penetration test |
| INST-12118 | Security: Session cookie |
not | set with the Secure flag |
| INST-12907 | Preview - Approve All button is greyed out when redeeming Secure Link for selected pages |
| INST-13189 | Show "Work in Progress" in page UI |
| INST-13211 | Failed uploads missing in job history |
| INST-13223 | Security: |
Implement reCAPTCHA to protect against Email Spamming| reCAPTCHA implementation |
| INST-13258 | Managed Services: Set Application Pools to AlwaysRunning |
| INST-13400 |
Security: | Adding users through spreadsheet allows them login without password change |
| INST-13504 | Icons for Approval Not Requested and Waiting for Corrections |
| INST-13523 | Security: Path-relative stylesheet import (PRSSI) vulnerability |
| INST-13534 | Security: HTML5 Local storage |
is -13608Security: CSP: Wildcard Directive, CSP: style-src unsafe-inline, and Absence of Anti-CSRF Tokens| -13578 | Pressproof - improved memory performance |
| INST-13590 | PressProof - Surface renders when not supposed to, but doesn't rewrite surface PNG file |
| INST-13594 | Cookie notification at login page |
| INST-13608 | Security: Other vulnerabilities |
| INST-13617 | Security: |
IPP should be protected from | Zero day log4j vulnerability |
| INST-13621 | RBA: Create User action completes but not creating a user |
| INST-13637 | Security: HTTP header information |
disclosure. |
| INST-13638 | Security: Confirmation email not sent on user password change |
| INST-13639 | Security: Sensitive data |
is locally |
| INST-13640 | Security: Cookie missing HTTPOnly flag |
| INST-13641 | Security: Host header injection vulnerability |
| INST-13642 | Security: Email bombing |
is possible with InSite |
| INST-13645 | Security: Passwords |
are emailed 10841HTML5 Smart Review : Compare view display revisions incorrectly in full screen mode. | | INST-12907 | Preview - Approve All button is greyed out when redeeming Secure Link for selected pages |
| INST-13258 | Managed Services: The IPP installer and/or ICU should change all Application Pools to AlwaysRunning from OnDemand |
| INST-13578 | Pressproof - Better memory performance needed |
| Security: Block uploads of a webshell and execute “tasklist” |
| INST-13667 | Reword 'Delete Job' right to 'Delete Job (Staff User only)' |
INST-13590 | PressProof - Surface renders when not supposed to, but doesn't rewrite surface PNG file |
| INST-13673 | Page selection acts |
odd | wrong when sorted by Position |
-- for job with multi page set500 internal server error when open | Server error on administration page after satellite join to enterprise. |
