Security Improvements

The passwords for Restful Interfaces, ECF Web Server, Universal Queue and Connection Web Server (COWS), as well as the Tomcat keystore password, are now stored in a vault. Incident ID: 0020751295 0000135081 2020

Supervisor Dashboard and Communication Panel security has been hardened with additional cross-site scripting (XSS) countermeasures.

The +modify event type of audit logging has been added to Agent Server (BcmApi and WebClient), Batch Job Server, ACI and RiApi.

The SAP UI5 version has been upgraded in Embedded Communications Framework (ECF) from 1.46.9 to 1.52.45 and in Communication Panel from 1.71 to 1.71.23.

Java-based components have been updated:
  • cors.filter 2.9 -> 2.9.1
  • org.apache.poi 4.1.2 -> 5.0.0
  • nimbus-jose-jwt 9.1.2 -> 9.4.1
  • bcpkix-jdk15on 1.67 -> 1.68
  • spring 5.3.1 -> 5.3.3
  • redisson 3.13.6 -> 3.14.1
  • guava 30.0-jre -> 30.1-jre
  • hibernate-validator 6.1.5.Final -> 6.2.0.Final
  • jackson 2.11.3 -> 2.12.1
  • tomcat 8.5.59 -> 8.5.61
  • jersey 2.32 -> 2.33
  • woodstox-core 5.1.0 -> 6.2.3
  • batik-svgbrowser 1.13 -> 1.14