Configuration - 2.2.2
Correction of vulnerabilities
- Specific cases of the Directory Traversal vulnerability that existed in some electronic file upload and download End Points have been fixed.
- The XSS vulnerability that occurred when editing the search parameters in the view screens of the system has been fixed.
- The writing permission of the PHP user in the server has been restricted to prevent attacks from uploading arbitrary executable PHP codes to the application.
Logging into mobile devices with QR codes
From this version onwards, it will be possible to generate a QR code in SoftExpert Suite to log into the mobile application in a practical way, simply by scanning the code. This avoids the need to manually enter user and password information when trying to access your accounts in the mobile device.
This new feature has been integrated with the connected devices tab, which is located in the user profile section:
Upon accessing the tab, the user can generate the QR code in a fast and safe way, and simply scan it with their own mobile device to access their account.
A QR Code can also be accessed through SoftExpert Configuration, in the Configuration > System (CM006) menu, through the Advanced section. However, the QR Code on this page is destined only for a simpler domain configuration in the application, facilitating login. Thus, it only provides the necessary data for users to fill out the domain field.
Team provisioning via SCIM
Version 2.2.2 provides support to team synchronization in the SCIM standards, in addition to the traditional format via LDAP. We recommend using the SCIM standards due to its improved performance and ease of configuration and maintenance.
For further information, refer to the Configuring group provisioning section in the Identity and authentication documentation.
View the latest improvements made to this component: