
Special thanks go to Norbert Klasen for responsibly disclosing this issue to us. This hotfix includes the fix for CVE-2020-25839, which addresses a potential injection attack.

OCTCR28Q286157: idmdash makes unwanted REST calls to /rest/access/rob when logging in to the dashboard.

OCTCR28Q283211: idmdash makes multiple REST calls to /IDMProv/rest/access/tasks/badge?limit=200, rather than one, to load the tasks on the Applications > My Approvals page in the Dashboard.

OCTCR28Q283419: The getWorkEntriesRequest SOAP endpoint returns an NPE if no task is assigned to the user.

OCTCR28Q232125: User search on the New Request page returns an NPE when requesting permissions for others.

OCTCR28Q282552: Team managers and administrators are unable to search users while requesting permissions for others if additional user search attributes have been added in the Settings page.

OCTCR28Q280503: Conditions defined in a DAL relationship in Designer are not used correctly when searching users in a team on the New Request page.

OCTCR28Q282474: Team managers are unable to reassign their tasks to the reporting manager.

OCTCR28Q231611: Assigning a role to groups and containers does not trigger an approval process when approval is configured for that role.

Edit WEB-INF/web.xml to add the filter element as mentioned in the OpenSSO documentation.

OCTCR28Q282683: Resource modification leads to an issue in the /rest/catalog/resources/resourceV2 API that results in a mix-up of the key-value pairs of the resource categories.

Create a backup of the .self-service.ear file, and then extract it in a temporary location.
