You are viewing an old version of this page. View the current version.
Compare with Current
View Page History
« Previous
Version 14
Next »
This page maintains a list of all of the updates for version 4.0.1 of Aspire.
Bug Fixes
Aspire Core and UI
- Path traversal vulnerability.
- Robot.txt implementation.
- Unsafe third-party links.
- Email address disclosure.
- Missing security headers.
- HTML comments with sensitive information disclosure.
- Improver error handling with path information disclosure.
- Import/Export all configuration functionality not working.
- Refactor ldap cache code to comply with Protex scan.
Known Issues
Aspire Core
- Insecure data transmission. HTTPS is supported, although not active by default. This will be addressed in the next Aspire major version. For more information please see: Using Aspire via HTTPs.
- Cookies not using "secure" attributes. Will be addressed in the next Aspire major version.