ReleaseNotes14r1:Security
Latest revision as of 07:59, 14 November 2024
This is the Security 14r1 Release Notes Document. It is an extract of the 14r1 Release Notes showing only the security fixes made. It can be used by security sensitive customers to decide whether an update of the innovaphone structure is needed with a new Service Release.
Service Releases are planned for the second Monday each month.
Please see the disclaimer before using the information presented here!
Security 14r1
14r1 Service Release 1 (1410485)
159317 - Advanced UI: Prevent XSL injection
The servlets for the advanced UI accept an "xsl" URL parameter that
specifies the XSLT file for displaying the corresponding page.
Before this fix it was possible to specify a URL containing a colon represented in XML entity encoding.
CVE-2024-28722
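The class of check described in 159317, as an added example that is not innovaphone's code: a filter that looks for a colon only in the raw "xsl" value misses an entity-encoded one, while a filter that decodes first and then allow-lists a bare file name does not. The function names, the allow-list pattern and the sample values are assumptions constructed for illustration.

```python
import html
import re
from urllib.parse import unquote

# Hypothetical allow-list: a bare local stylesheet name such as "admin.xsl".
_SAFE_NAME = re.compile(r"[A-Za-z0-9_-]+\.xsl")


def naive_is_local(xsl: str) -> bool:
    """Flawed check: looks for ':' only in the raw parameter value."""
    return ":" not in xsl


def canonicalize(value: str, max_rounds: int = 5) -> str:
    """Undo percent-encoding and XML character/entity references until the
    value stops changing, so nested encodings cannot hide a character."""
    for _ in range(max_rounds):
        decoded = html.unescape(unquote(value))
        if decoded == value:
            return value
        value = decoded
    raise ValueError("value still changing after decoding; rejecting")


def strict_is_local(xsl: str) -> bool:
    """Decode first, then accept only an allow-listed bare file name."""
    try:
        plain = canonicalize(xsl)
    except ValueError:
        return False
    return _SAFE_NAME.fullmatch(plain) is not None


# Constructed sample values (example.invalid is a reserved test domain).
SAMPLES = [
    "admin.xsl",
    "http&#58;//example.invalid/x.xsl",
    "http&amp;#x3a;//example.invalid/x.xsl",
    "http%26%2358%3B//example.invalid/x.xsl",
]


def compare(samples=SAMPLES):
    """Return (value, naive verdict, strict verdict) for each sample."""
    return [(s, naive_is_local(s), strict_is_local(s)) for s in samples]


if __name__ == "__main__":
    for value, naive, strict in compare():
        print(f"{value!r:45} naive={naive!s:5} strict={strict}")
```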
14r1 Service Release 12 (1410589)
14r1 Service Release 4 (1410520)
14r1 Service Release 5
14r1 Service Release 6 (1410555)
14r1: End of life
Other improvements in 14r1
157823 - AP Manager Login: Fix for brute force attacks
CVE-2024-24721
156999 - App Users: Prevent account enumerate
CVE-2024-24720