RVY200802: Release Notes: RayVentory Data Hub 12.3.4540.41 [Update 5]
Type:
Full Product
Purpose/Description:
New Cloud Connectors (Update 2022.2 Patch 1) [RR-3262]
In this version, the following new connectors have been added:
Workday
Huawei Cloud Stack
Nutanix Prism Central
Open Stack
Proxmox
Qualys
SAP Hybris Cloud for Customer (SAP C4C)
Security improvements:
Fixed a security issue in the handling of user sessions which, under rare circumstances, with the correct timing and certain unlikely preconditions, could lead to an issue known as “session hijacking”. [RR-3315] [ZEN-20095]
Fixed a security issue where JWT session tokens could contain encrypted sensitive information. [RR-3315] [ZEN-20095]
Issue RR-3315 means that an encrypted token, derived from the user password, could be saved in the application's local storage. Successful use of this vulnerability requires physical access to the user's machine and successful reverse engineering of RayVentory Data Hub code. This release removes the offending values from the security token for general Data Hub sign-in purposes. With the adjustments in this version, the encrypted tokens are never written in the typical Data Hub authentication flow. They are, however, still required and present when LDAP-based authentication is enabled (Windows builds only).
Date Published:
2022/09/12
Requirements:
Refer to the Release Notes document for Hardware and Software requirements.
Installation Instructions:
Detailed instructions for the installation can be found in the RayVentory Data Hub 12.3 User Guide.