Security Issues Resolved in 2022.11
The following security issues were addressed in the 2022.11 release.
Restricted File Types for File Import
The browser file upload dialogs in the Producer Portal and End-User Portal now restrict the types of files that can be imported. Valid file types depend on the product area and are as follows:
• System > Configure > Import: *.jar
• Usage > Upload Historical Usage: *.csv
• Licenses > Manual Activation: *.xml
• Licenses > Manual Repair: *.xml
• Licenses > Manual Return: *.xml
• Devices > Offline Device Management > Generate license or confirm license reduction or return: *.xml, *.bin, *key
• Devices > Offline Device Management > Upload synchronization history: *.xml, *.bin, *.syncref
• Administer > Identities > Create Identity: *.bin
• Administer > Identities > Update Identity: *.bin
• Entitlements > List Entitlements > select an entitlement > Next > Web Register Key: *.xml
• License Support > Manual Return: *.xml
• License Support > Manual Repair: *.xml
• Devices > Offline Device Management > Generate license or confirm license reduction or return: *.xml, *.bin, *key
• Devices > Offline Device Management > Upload synchronization history: *.xml, *.bin, *.syncref
• Activation & Entitlements > Offline Trusted Activation: *.xml
File Type Extensions in File Import No Longer Case Sensitive
When importing files into FlexNet Operations, the file extension is no longer treated as case sensitive.
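A browser dialog filter only limits what the file picker offers, so an import endpoint normally repeats the allow-list check on the server; the example below does that for a few of the areas listed above and matches the suffix case-insensitively. It is an added example, not FlexNet Operations code: `ALLOWED`, `is_allowed_upload` and the reading of `*key` as a plain name suffix are assumptions.

```python
# Allowed patterns per import area, copied from the list above (subset only).
# "*key" appears on the page without a dot, so it is treated here as a plain
# filename suffix rather than an extension (assumption).
ALLOWED = {
    "System > Configure > Import": ("*.jar",),
    "Usage > Upload Historical Usage": ("*.csv",),
    "Licenses > Manual Activation": ("*.xml",),
    "Devices > Offline Device Management > Upload synchronization history":
        ("*.xml", "*.bin", "*.syncref"),
    "Devices > Offline Device Management > "
    "Generate license or confirm license reduction or return":
        ("*.xml", "*.bin", "*key"),
}


def is_allowed_upload(area: str, client_filename: str) -> bool:
    """Check a client-supplied file name against the allow-list for one area."""
    patterns = ALLOWED.get(area)
    if not patterns:
        return False  # unknown area: deny by default

    # Some clients send a full path; keep only the last path component.
    name = client_filename.replace("\\", "/").rsplit("/", 1)[-1]

    # Reject empty names, control characters (including NUL), and names
    # ending in a dot or space, which Windows silently strips on write.
    if not name or any(ord(c) < 32 for c in name) or name[-1] in ". ":
        return False

    # Case-insensitive comparison, so "Config.JAR" and "config.jar" match.
    name = name.casefold()
    for pattern in patterns:
        suffix = pattern[1:].casefold()  # drop the leading "*"
        # Only the end of the name counts, and a bare ".jar" is not a file name.
        if name.endswith(suffix) and len(name) > len(suffix):
            return True
    return False
```

Checking the name is only the first gate; the file content should still be parsed and validated as the expected format before it is used.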
Configuration Added for Avoiding Concurrent Sessions in Producer Portal and End-User Portal
A new configuration option, Prevent multiple browser sessions, enables producers to disallow concurrent sessions in the Producer Portal and End-User Portal. The option is located under System > Configure > FlexNet Platform Server > General Options.
By default, multiple browser sessions are allowed. When multiple browser sessions are disallowed, users can still open multiple tabs.
Current Limitations
The new configuration is currently available only for FlexNet Operations deployments in AWS.
The fix does not apply to the following types of login:
• Producer Portal: Single sign-on
• Login with Entitlement ID
• Login with Activation ID