This page maintains a list of all the updates for version 4.0.1 of Aspire.


As of this version, the Aspire code is fully compliant with Black Duck's Protex scan. 

On this page:

Related pages:


Bug Fixes

Aspire Core and UI

  • Path traversal vulnerability.
  • Robot.txt implementation.
  • Unsafe third-party links.
  • Email address disclosure.
  • Missing security headers.
  • HTML comments with sensitive information disclosure.
  • Improved error handling with path information disclosure.
  • Import/Export all configuration functionality not working.
  • Refactor LDAP cache code to comply with Protex scan.

  • Removed aspire-hash-table and aspire-parser components as they are deprecated.



Known Issues

Aspire Core 

  • Insecure data transmission. HTTPS is supported, although not active by default. This will be addressed in the next Aspire major version. For more information please see: Using Aspire via HTTPs.
  • Cookies not using "secure" attributes. Will be addressed in the next Aspire major version.


  • No labels