Reference14r1:Release Notes Security: Difference between revisions

From innovaphone wiki

Latest revision as of 14:52, 28 February 2024

This is the Security 14r1 Release Notes Document. It is an extract of the 14r1 Release Notes showing only the security fixes made. It can be used by security-sensitive customers to decide whether an update of the innovaphone structure is needed with a new Service Release.

Service Releases are planned for the second Monday of each month.

Please see the disclaimer before using the information presented here!


Security 14r1

14r1 Service Release 1 (1410485)

159317 - Advanced UI: Prevent XSL injection

The servlets for the advanced UI accept an "xsl" URL parameter that specifies the XSLT file for displaying the corresponding page.

Before this fix it was possible to specify a URL containing a colon represented in XML entity encoding.


CVE-2024-28722
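
One way to validate a stylesheet parameter like the "xsl" parameter in 159317, as an added example that is not innovaphone code and does not show the actual fix: character references are resolved before the value is inspected, and the result must be on an allow-list. The stylesheet names, the function names and the assumption that the web layer has already percent-decoded the value are hypothetical.

```python
import html
import re

# Hypothetical allow-list; the product's real stylesheet names are not on the page.
ALLOWED_STYLESHEETS = {"overview.xsl", "settings.xsl"}
_SAFE_NAME = re.compile(r"[A-Za-z0-9_-]+\.xsl")
MAX_DECODE_ROUNDS = 5


def decode_entities(value: str) -> str:
    """Resolve character references (&#58;, &#x3a;, &amp;#58; ...) until stable."""
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = html.unescape(value)
        if decoded == value:
            return decoded
        value = decoded
    raise ValueError("too many nested entity encodings")


def validate_xsl_param(raw: str) -> str:
    """Return the stylesheet name if acceptable, otherwise raise ValueError.

    Assumes `raw` has already been percent-decoded by the web layer.
    """
    value = decode_entities(raw)
    # Checked on the decoded value, so an entity-encoded colon is caught too.
    if ":" in value or "/" in value or "\\" in value:
        raise ValueError("xsl must be a local file name, not a URL or path")
    if not _SAFE_NAME.fullmatch(value) or value not in ALLOWED_STYLESHEETS:
        raise ValueError("unknown stylesheet")
    return value


def naive_check(raw: str) -> bool:
    """Weak check shown for contrast: inspects only the raw, undecoded value."""
    return ":" not in raw


if __name__ == "__main__":
    # Constructed sample values, not taken from the advisory.
    for sample in ("overview.xsl", "http&#58;//example.invalid/x.xsl"):
        try:
            print(sample, "->", validate_xsl_param(sample))
        except ValueError as err:
            print(sample, "-> rejected:", err)
```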


14r1 Service Release 4

Other improvements in 14r1

157823 - AP Manager Login: Fix for brute force attacks

CVE-2024-24721

156999 - App Users: Prevent account enumeration

CVE-2024-24720