Loading...

XML

Word

Printable

Type: Bug Report
Resolution: Fixed
Priority: L3 - Default
Fix Version/s: 7.10.0, 7.7.9, 7.8.8, 7.9.2, 7.10.0-alpha2
Affects Version/s: 7.10.0-alpha1
Component/s: engine
Labels:
- SUPPORT

AT:

The process engine configuration has an option to configure a whitelist (as an regex)
The whitelist is used to verify whether the id of an user, group, or tenant (which should be created) matches against it
if not, then an exception is thrown and the user (group or tenant) is not created
by default the regex allows only alphanumeric values

Hint:

The change is documented in the upgrade guide 7.9 to 7.10
When back porting the changes to 7.8 and 7.9 the current behavior should not break.

This is the controller panel for Smart Panels app

is depended on by

CAM-9356 There exists a security notice for Whitelist Patterns and CSRF

Closed

is related to

CAM-9191 Prevent misleading error notification if id validation fails

Closed

Assignee:: Michael Schoettes

Reporter:: Roman Smirnov

Votes:: 0 Vote for this issue

Watchers:: 5 Start watching this issue

Created:: 29/May/18 9:13 AM

Updated:: 17/Jun/19 3:19 PM

Resolved:: 10/Jul/18 3:55 PM