Success4 Release Note Version 1.27.49_April_12_2023

VAPT Changes (Vulnerability Assessment and Penetration Testing):

1 Cross Domain Script Include.

2 No Rate Limit Set.

3 CSV Injection.

4 Improper Implementation.

5 Unrestricted File Upload.

6 Mass Assignment.

7 Vulnerable Version.

8 Missing Content Security Policy.

9 HTML5: Cross-Site Scripting Protection Not Set.

10 Web Server Misconfiguration: Insecure Content Type Setting.

11 No Cache-Control and Pragma HTTP Header Set.

12 Cookie Security: Http Only and Secure Flag Not Set.

13 No Input Validation.

14 Cookie Security: Same Site Flag Not Set.

15 No Credential Obfuscation.

16 Missing Server-Side Validation.

17 Autocomplete Enabled.

18 Concurrent Login.

19 Browser Storing Credential in Clear Text.

20 JSON Web Token Expiration.

Bug Fix:

1 The due date timestamp is now an IST timestamp instead of UTC when creating an action for a playbook.

2 The tree map, score component, and distribution KPI component are displayed as expected when created on the same dashboard.

3 Calendar UI alignment bug is fixed.

Enhancement:

1 Longer texts are wrapped for better readability.

2 We added a search filter to the data management page for easier data object retrieval.