The following table lists the issues that are fixed in PowerFlex 3.6.0.6.
Issue number & SR number | Problem summary |
---|---|
SCI-69209 | The lack of a permissions-policy header allows unauthorized access to the web browser. Ensure that the web server, application server, and load balancer are configured to set the permissions-policy header. |
SCI-69208 | If the cache-control header is missing, the browser and proxies can cache content. Ensure that the cache-control HTTP header is set with no-cache, no-store, and must-revalidate. The fix includes adding the missing content-security-policy header. |
SCI-69045 | When a cookie is set without the SameSite attribute, the cookie is sent with cross-site requests, which exposes it to cross-site request forgery, cross-site script inclusion, and timing attacks. Setting the SameSite cookie attribute in the Tomcat cookie processor fixes the security vulnerability. |
SCI-67390 | The SDC driver does not load on AWS Ubuntu for images that use the AWS kernel (for example, 5.13.0-1022-aws). You must switch from the AWS kernel to the generic kernel to load the SDC driver. |
SCI-67236 | Removed the TLS cipher suite ECDHE-RSA-AES256-SHA384, which uses Cipher Block Chaining (CBC). |
SCI-66903 | Spring Data Commons installed on the remote host is affected by a remote code execution vulnerability.
Updated Spring Data Commons to the following versions:
|
SCI-65602 | Added the missing content-security-policy header. Ensure that the web server, application server, and load balancer are configured to achieve optimal browser support. |
SCI-64467 | Upgraded the following versions:
Upgraded the following versions for using jQuery v3.x:
Removed the following:
Fixed the CSS, JavaScript, and HTML code to reduce browser warnings. |
SCI-66056 | Upgraded Jackson-Databind to version 2.13.4. Version 2.13.0 and earlier allow a Java StackOverflow exception and denial of service through a large depth of nested objects. |
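
The header and cookie fixes in SCI-69209, SCI-69208, SCI-69045, and SCI-65602 can be verified against a saved response header block (for example, the output of `curl -sI`). The following is an added example, not part of the PowerFlex release notes; the function name, sample headers, and cookie value are constructed for illustration.

```python
from email import message_from_string

REQUIRED_CACHE = {"no-cache", "no-store", "must-revalidate"}

def audit_headers(raw: str) -> list[str]:
    """Return findings for a raw HTTP response header block."""
    lines = raw.replace("\r\n", "\n").strip().split("\n")
    if lines and lines[0].startswith("HTTP/"):
        lines = lines[1:]  # drop the status line
    msg = message_from_string("\n".join(lines) + "\n\n")
    findings = []

    # SCI-69209 / SCI-65602: both headers must be present and non-empty
    for name in ("Permissions-Policy", "Content-Security-Policy"):
        if not (msg.get(name) or "").strip():
            findings.append(f"missing {name}")

    # SCI-69208: directives may span several Cache-Control headers
    directives = set()
    for value in msg.get_all("Cache-Control", []):
        for d in value.split(","):
            directives.add(d.split("=")[0].strip().lower())
    for d in sorted(REQUIRED_CACHE - directives):
        findings.append(f"Cache-Control lacks {d}")

    # SCI-69045: every cookie needs a SameSite attribute
    for cookie in msg.get_all("Set-Cookie", []):
        parts = [p.strip() for p in cookie.split(";")]
        cookie_name = parts[0].split("=", 1)[0]
        attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:]}
        if "samesite" not in attrs:
            findings.append(f"cookie {cookie_name} lacks SameSite")
    return findings

# Constructed sample responses (not captured from a real system)
SAMPLE_BEFORE = """HTTP/1.1 200 OK
Content-Type: text/html
Cache-Control: no-cache
Set-Cookie: JSESSIONID=abc123; Path=/; Secure; HttpOnly
"""
SAMPLE_AFTER = """HTTP/1.1 200 OK
Cache-Control: no-cache, no-store, must-revalidate
Content-Security-Policy: default-src 'self'
Permissions-Policy: geolocation=(), camera=()
Set-Cookie: JSESSIONID=abc123; Path=/; Secure; HttpOnly; SameSite=Strict
"""

if __name__ == "__main__":
    print(audit_headers(SAMPLE_BEFORE))
    print(audit_headers(SAMPLE_AFTER))
```

Run the check against responses from each tier (web server, application server, and load balancer), since any of them can add or strip these headers.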