Skip to main content
Sign Out

Welcome to Dell

My Account
  • Place orders quickly and easily
  • View orders and track your shipping status
  • Enjoy members-only rewards and discounts
  • Create and access a list of your products
  • Manage your Dell EMC sites, products, and product-level contacts using Company Administration.
Sign In Create an Account Dell Financial Services Premier Sign In Partner Program Sign In
Contact Us

Your Dell.com Carts

Dell PowerFlex 3.6.0.6 Release Notes

PDF

Fixed issues

The following table lists the issues that are fixed in PowerFlex3.6.0.6.

NOTE If an issue was reported by customers, the customers' Service Request numbers appear in the "Issue number & SR number" column, and correlate between customer-reported issues and the PowerFlex issue number.
Table 1. Fixed issues
Issue number & SR number Problem summary
SCI-69209 Lack of permissions policy header allows unauthorized access of web browser. Ensure to configure the web server, application server, and load balancer to set the permissions-policy header.
SCI-69208 If the cache-control header is missing, the browser and proxies create cache content. Ensure that the cache-control HTTP header is set with no-cache, no-store, and must-revalidate. The fix includes adding the missing content-security-policy header.
SCI-69045 When a cookie is set without the SameSite attribute, the cookie is sent as a result of a cross-site request forgery, cross-site script inclusion, and timing attack. Setting the SameSite cookie in Tomcat cookie processor fixes the security vulnerability.
SCI-67390 The SDC driver does not load on AWS Ubuntu for images that use AWS kernel (for example 5.13.0-1022-aws). You must switch from the AWS kernel to generic kernel to load the SDC driver.
SCI-67236 Removed TLS encryption method using Cipher Block Chaining (CBC) ECDHE-RSA-AES256-SHA384.
SCI-66903 Spring Data Commons installed on the remote host affects a remote code execution vulnerability.
Updated the Spring data commons to the following versions:
  • Spring-Core: v5.3.20
  • Spring-Security-Core: v5.7.1
SCI-65602 Added the missing content-security-policy header. Ensure to configure the web server, application server, and load balancer to achieve optimal browser support.
SCI-64467 Upgraded the following versions:
  • JQuery: v3.6.0
  • lQuery UI: v1.13.2
  • Bootstrap: v3.4.1
Upgraded the following versions for using JQuery v3.x:
  • jqGrid: v4.5.4
  • Bootstrap: v3.4.1
Removed the following:
  • Redundant Angular app
  • Redundant JavaScript and CSS files

Fixed the CSS, JavaScript, and HTML codes to reduce browser warnings.

SCI-66056 Upgraded Jackson-Databind to version 2.13.4. Version 2.13.0 and earlier allows a Java StackOverflow exception and denial of service through a large depth of nested objects.

Rate this content

Accurate
Useful
Easy to understand
Was this article helpful?
0/3000 characters
  Please provide ratings (1-5 stars).
  Please provide ratings (1-5 stars).
  Please provide ratings (1-5 stars).
  Please select whether the article was helpful or not.
  Comments cannot contain these special characters: <>()\