AT:

• The process engine configuration has an option to configure a whitelist (as an regex)
• The whitelist is used to verify whether the id of an user, group, or tenant (which should be created) matches against it
• if not, then an exception is thrown and the user (group or tenant) is not created
• by default the regex allows only alphanumeric values

Hint:

• The change is documented in the upgrade guide 7.9 to 7.10
• When back porting the changes to 7.8 and 7.9 the current behavior should not break.