2025.0.0 Release Notes
Feature Improvements
| Reference Number(s) | Summary | Components |
|---|---|---|
| RILTS-715 | CSP Hardening: Phase I | Web Security |
| RILTS-713 | Allow script attributes in custom html | Web Security |
Resolved Issues
| Reference Number(s) | Summary | Components |
|---|---|---|
| RILTS-715 | CSP Hardening: Phase I | Web Security |
| RILTS-718 | New CSP rules which include 'style-src-elem' directive break Safari load of any CSS formatting, but changing to 'style-src' works fine for all | Web Security |
| RILTS-692 | Spawned from --> 2023 RIC External Pen - Cobalt.io #PT20021_1 - Stored XSS via Configuration > Systems > Images | Web Security |
| RILTS-685 | ZAP Scan: CSP: Wildcard Directive, script-src unsafe-inline, & style-src unsafe-inline issues reported on 3 URLs: main URL path, /idp/AuthnEngine, and sitemap.xml for RI LTS | Web Security |
| RILTS-684 | ZAP Scan: Absence of Anti-CSRF Tokens in idp/AuthnEngine for LTS | Web Security |
Updated on Thu May 22 2025 17:03:24 GMT-0400 (Eastern Daylight Time)