Uploaded image for project: 'camunda BPM'
  1. camunda BPM
  2. CAM-9109

When a user, group, or tenant is created, the given id is validated against a whitelist

    XMLWordPrintable

Details

    Description

      AT:

      • The process engine configuration has an option to configure a whitelist (as an regex)
      • The whitelist is used to verify whether the id of an user, group, or tenant (which should be created) matches against it
      • if not, then an exception is thrown and the user (group or tenant) is not created
      • by default the regex allows only alphanumeric values

      Hint:

      • The change is documented in the upgrade guide 7.9 to 7.10
      • When back porting the changes to 7.8 and 7.9 the current behavior should not break.

      mgm-controller-panel

        This is the controller panel for Smart Panels app

        Attachments

          Issue Links

            is depended on by

            Task - A task that needs to be done. CAM-9356 There exists a security notice for Whitelist Patterns and CSRF

            • L3 - Default - Minor issue or issue with existing workaround, feature requests and questions
            • Closed
            is related to

            Bug Report - A problem which impairs or prevents the functions of the product. CAM-9191 Prevent misleading error notification if id validation fails

            • L3 - Default - Minor issue or issue with existing workaround, feature requests and questions
            • Closed

            Activity

              People

                michael.schoettes Michael Schoettes
                roman.smirnov Roman Smirnov
                Votes:
                0 Vote for this issue
                Watchers:
                5 Start watching this issue

                Dates

                  Created:
                  Updated:
                  Resolved:

                  Salesforce