Reference14r1:Release Notes Security
Jump to navigation
Jump to search
There are also other versions of this article available:
Reference13r1 | Reference13r2 | Reference13r3 | Reference14r1 (this version) | Reference14r2
This is the Security 14r1 Release Notes Document. It is an extract of the 14r1 Release Notes showing only the security fixes made. It can be used by security sensitive customers to decide whether an update of the innovaphone structure is needed with a new Service Release.
Service Releases are planned for the second Monday each month.
Please see the disclaimer before using the information presented here!
Security 14r1
14r1 Service Release 1 (1410485)
159317 - Advanced UI: Prevent XSL injection
The servlets for the advanced UI accept an "xsl" URL paramter that
specifies the XSLT file for displaying the corresponding page.
Before this fix it was possible to specify a URL containing a colon represented in XML entity encoding.
CVE-2024-28722
14r1 Service Release 4 (1410520)
14r1 Service Release 5
Other improvements in 14r1
157823 - AP Manager Login: Fix for brute force attacks
CVE-2024-24721
156999 - App Users: Prevent account enumerate
CVE-2024-24720