Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.


Page Properties
labeljirareport


Date

 

Issues

Jira Legacy
serverSSDT System JIRA
jqlQueryproject = 'USPSR' AND fixVersion in ('6.65.1')
counttrue
serverId925ea1db6d21ed14-0df83f48-3e913cc2-bcfbad28-6b1c8a04f6ca6548879d10d6

Build Date

2022-05-09 03:15:27



Summary

This release of USPS-R contains bug fixes and improvements. See highlights below.


Important highlights from this release

  • Bug Fixes
    • Prevent password from being audited in the Password Change event


Info

A bug was discovered in the 6.65.0 release of USPS-R that could allow the writing of a local users user's password to a database table as plaintext. This could only happen if the user's password was reset, either by the admin user or from the change password option on the home page, and the password changed change happened between the release of 6.65.0 (0305/0506/2022) and 6.65.1 (0305/10/2022). The password could be included in an Auditable Events template report that is only accessible by users with the ADMIN_AUDITEVENTS permissions. By default, this is only the Admin user in USPS-R. 

The hotfix will remove any of the possible stored passwords from the Auditable Events table and also prevent the password property from being audited in the future. 

To see if any users have changed their passwords since USPS-R 6.65.0, run the SSDT Auditable Events report with the start date of 35/56/2022 and end date of 35/1011/2022. Once the report generates look for User Password Change Event and Admin Password Change Event. It is recommended that any user you find here should have its password reset. 


All updates for this release

Jira Legacy
serverSSDT System JIRA
columnIdsissuekey,summary,issuetype,status,resolution
columnskey,summary,type,status,resolution
maximumIssues40
jqlQueryproject = 'USPSR' AND fixVersion in ('6.65.1') ORDER BY type ASC
serverId925ea1db6d21ed14-0df83f48-3e913cc2-bcfbad28-6b1c8a04f6ca6548879d10d6