IdentityIQ 7.3p7 is now available
This release includes general improvements in quality, security, and performance. Additional information about issues resolved in this release can be found in the identityiq-7.3p7-README.txt file accompanying the release.
Highlights
- This patch contains a fix for an important security vulnerability that was previously announced. The vulnerability is related to Cross Site Request Forgery (CSRF) protections not being applied to all required URL paths. As with all software vulnerabilities, we recommend that all customers apply this patch or the e-fix for IIQSAW-3516 available in the Product Download Center on Compass as soon as possible.
- Passwords and other sensitive data entered in work items and other workflow forms are now kept in memory and persisted in the database as encrypted values. This data will need to be decrypted prior to use or referenced in custom workflow implementations or implemented business logic that it calls.
- There is now a size limit for files uploaded in Import Objects, Batch Request, and Entitlement Import. The default value is 1000MB, and can be configured using the init-params for the MyFacesExtensionsFilter in the web.xml file.