2025.0.0 Release Notes
  • 22 May 2025
  • 1 Minute to read
  • Dark
    Light

2025.0.0 Release Notes

  • Dark
    Light

Article summary

2025.0.0 Release Notes

Feature Improvements

Reference Number(s)SummaryComponents
RILTS-715CSP Hardening: Phase IWeb Security
 RILTS-713 Allow script attributes in custom htmlWeb Security

Resolved Issues

Reference Number(s)SummaryComponents
RILTS-715CSP Hardening: Phase IWeb Security
 RILTS-718 New CSP rules which include 'style-src-elem' directive break Safari load of any CSS formatting, but changing to 'style-src' works fine for allWeb Security
 RILTS-692 Spawned from --> 2023 RIC External Pen - Cobalt.io #PT20021_1 - Stored XSS via Configuration > Systems > ImagesWeb Security
 RILTS-685 ZAP Scan: CSP: Wildcard Directive, script-src unsafe-inline, & style-src unsafe-inline issues reported on 3 URLs: main URL path, /idp/AuthnEngine, and sitemap.xml for RI LTSWeb Security
 RILTS-684 ZAP Scan: Absence of Anti-CSRF Tokens in idp/AuthnEngine for LTSWeb Security


Updated on Thu May 22 2025 17:03:24 GMT-0400 (Eastern Daylight Time)


Was this article helpful?