Versions Compared

Old Version 19

changes.mady.by.user Pablo Bonilla

Saved on

compared with

New Version Current

changes.mady.by.user Danny Herrera

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

This page maintains a list of all the updates for version 4.0.1 of Aspire.


Info

As of this version, the Aspire code is fully compliant with Black Duck's Protex scan. 

On this page:

Related pages:


Anchor
bugfixes
bugfixes
Bug Fixes

Anchor
AspireCore
AspireCore
Aspire Core and UI

  • Path traversal vulnerability.
  • Robot.txt implementation.
  • Unsafe third-party links.
  • Email address disclosure.
  • Missing security headers.
  • HTML comments with sensitive information disclosure.
  • Improved error handling with path information disclosure.
  • Import/Export all configuration functionality not working.
  • Refactor LDAP cache code to comply with Protex scan.

  • Removed aspire-hash-table and aspire-parser components as they are deprecated.



Anchor
knownissues
knownissues
Known Issues

Anchor
AspireCore2
AspireCore2
Aspire Core 

  • Insecure data transmission. HTTPS is supported, although not active by default. This will be addressed in the next Aspire major version. For more information please see: Using Aspire via HTTPs.
  • Cookies not using "secure" attributes. Will be addressed in the next Aspire major version.