Versions Compared

Old Version 12

changes.mady.by.user Danny Herrera

Saved on

compared with

New Version 13

changes.mady.by.user Francisco Sanchez

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

This page maintains a list of all of the updates for version 4.0.1 of Aspire.


Info

As of this version, the Aspire code complaint with the Blackduck scanneris fully compliant with Black Duck's Protex scan. 

On this page:


Related pages:


Anchor
bugfixes
bugfixes
Bug Fixes

Anchor
AspireCore
AspireCore
Aspire Core and UI

  • Path traversal vulnerability.
  • Robot.txt implementation.
  • Unsafe third-party links.
  • Email address disclosure.
  • Missing security headers.
  • HTML comments with sensitive information disclosure.
  • Improver error handling with path information disclosure.
  • Import/Export all configuration functionality not working.
  • Refactor ldap cache code to comply with Protex scan.




Anchor
knownissues
knownissues
Known Issues

Anchor
AspireCore2
AspireCore2
Aspire Core 

  • Insecure data transmission. HTTPS is supported, although not active by default. This will be addressed in the next Aspire major version. For more information please see: Using Aspire via HTTPs.
  • Cookies not using "secure" attributes. Will be addressed in the next Aspire major version.