13.1.2

Security improvements

Breaking Change

As part of the security improvements, scripting in processes is now restricted by a whitelist. If your application uses custom scripting classes, you may need to whitelist them explicitly.

A security advisory has been published here.
Users with administrator privileges previously had access to unnecessary resources through the scripting engine in processes.
To mitigate this, Valtimo now restricts scripting access by default, allowing only a limited set of methods and classes.

For migration details, see: Whitelisting Scripting classes.

Bugfixes

Improved the migration script for migrating Camunda web-app roles to the corresponding Operaton web-app roles. The application should no longer break when starting up when those Operaton web-app roles were already present before running the migrating.

Previous13.1.3 Next13.1.1

Last updated 5 days ago