February 5, 2024
Assure Version 9.6 Fix pack IA-9.6-22809-0 Release Announcement
Assure Version 9.6 Fix pack IA-9.6-22809-0 is now available with details below. This patch addresses the following software defect:
Issue Number
|
Details
|
IA-56198 |
Fixed cross-site scripting vulnerabilities with result action definition report viewing and the uses security profile filter chooser. |
IA-56202 |
Upgraded the font-awesome library used for icons to address security concerns. |
IP-7286 |
Fixed an issue where a #UIP002 invalid parameter value error was shown when a user attempts to produce a PDF of report views for Assure DQ test layout or test capture source results. |
IP-7400 |
Fixed an issue where passwords containing an open bracket character caused deployment failures on WildFly. |
IP-7421 |
Fixed an issue with LDAP security configuration on WildFly where a group mapped to multiple roles causes a role authorization error message after logging in. |
IP-7430 |
Fixed an issue with Calendars where an attacker could manipulate the calendar name to cause an XSS attack when the calendar is displayed. Also fixed an issue where producing a definition report could execute html that might be present in the description or name of an object like a calendar. |
IP-7432 |
Corrected an issue where configuration properties containing sensitive information were included in jar files that were deployed to the ER Rich Client. |
IP-7452 |
Fixed an issue where an error message due to a cross-site scripting attack will execute that attack if the user clicks "Show Details" |
IP-7453 |
Fixed a potential SQL injection issue with listing security profiles used by the security profile chooser in filter panels. |
You could find the Release Notes and Installation Guide, along with all the release files at https://data.precisely.com
Please find attached Release Notes for more detailed information on installation steps.
Ejazul Haque