CSM 10.2.2 Documentation

CSM 10.2.0 Security Updates

This list describes security enhancements and fixes that were reported in previous releases.

Cherwell recommends that you upgrade to this version to ensure the security of your installation.

  • CSM-55128 Security: Menu items that are configured to be visible only when users are logged in are now hidden when users are not logged in.
  • CSM-57790 CSM Administrator: When opening the User Manager window, the cursor now starts in the Search Control.
  • CSM-67672 Business Object: Removed redundant error notifications when users search for Business Objects they don't have rights to view.
  • CSM-67708 Security: Enhanced attachment security on CSM Web Applications. Empty metadata elements associated with the attachment request are not allowed. This change also requires uploaded files to include an extension.
  • CSM-69240 Security Groups: Fixed an issue that caused the Save button to be incorrectly enabled when a Security Group that had a default e-mail address specified was viewed.
  • DR 1146 Portal: Fixed an issue where the Edit button on the Portal was still clickable when the logged-in user did not have the rights to edit the record.
  • DR 44535 Security: Fixed an issue where SAML logins would fail if the "Active Directory group membership" user setting was checked.
  • DR 44651 Security Groups: Fixed an issue where sites and document repository items with conditional rights were not correctly displayed in the Security Groups settings dialog.
  • DR 45287 Security Vulnerability: Renaming a Role now updates the Name of the Def as well as the DisplayName. This prevents the "Role already exists" error from occurring.
  • DR 50028 Security: In Browser Client, when you run a search using the Search Widget, the correct HTTP header return type for search results is now used.
  • DR 50273 Approvals: Customer workgroups are no longer shown when selecting teams for a user.
  • DR 50378 Security: Fixed an issue where the workers were still displayed as logged in under the 'Logged-In Users' dialog after stopping the Cherwell Service Host.
  • DR 50423 Security: Fixed an issue where a User Agent was not being set when an Email Monitor accessed embedded images while processing emails.
  • DR 50549 Security: Fixed an issue that allowed authenticated users to view attachments on other users' business objects from the portal with attachment ID.
  • DR 50561 Security Vulnerability: Added validation to the ReturnUrl parameter on requests to log out of the Cherwell REST API to prevent redirects to potentially malicious sites. Any URIs that are either on the client's whitelist or set as a Portal site's custom logout URL will be permitted.
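
The ReturnUrl rule described in DR 50561, written out as an added example; this is not Cherwell's code and does not reflect how CSM implements the check. The function names, the sample URLs and the exact-match comparison after normalisation are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample configuration (hypothetical values, not from Cherwell).
CLIENT_ALLOWLIST = {"https://portal.example.com/", "https://intranet.example.com/home"}
CUSTOM_LOGOUT_URLS = {"https://sso.example.com/signed-out"}


def canonical(uri):
    """Return a comparable tuple for an absolute http(s) URI, or None if unsafe."""
    # Browsers treat "\" like "/" and drop tabs/newlines, so refuse them outright.
    if uri != uri.strip() or any(c in uri for c in "\\\r\n\t"):
        return None
    try:
        parts = urlsplit(uri)
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return None
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return None  # rejects relative, scheme-relative ("//host") and non-web schemes
    if parts.username is not None or parts.password is not None:
        return None  # "https://trusted@other-host/" hides the real host
    default_port = 443 if parts.scheme == "https" else 80
    return (parts.scheme, parts.hostname,
            port if port is not None else default_port,
            parts.path or "/", parts.query)


def is_permitted_return_url(return_url, allowlist=CLIENT_ALLOWLIST,
                            logout_urls=CUSTOM_LOGOUT_URLS):
    """True only if ReturnUrl exactly matches a configured URI after normalisation."""
    target = canonical(return_url)
    if target is None:
        return False
    return target in {canonical(u) for u in (*allowlist, *logout_urls)}


def logout_redirect(return_url, fallback="/"):
    """Location to send after logout: ReturnUrl if permitted, else a local fallback."""
    if return_url and is_permitted_return_url(return_url):
        return return_url
    return fallback
```

Comparing parsed components rather than string prefixes is what keeps look-alike hosts and userinfo tricks from passing the check.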
