This section provides Administration updates for CA Clarity PPM Release 14.1.
Before this release, storing an HTML page in the webroot folder could make the contents of that folder vulnerable to someone without proper credentials. For example, if you store index.html in the webroot folder, an unauthorized person could gain access to CAPA information without logging in. All the user needs is the server and port number: http://<servername>:<portnumber>/niku/index.html.
To resolve this issue, a new servlet filter (ClarityContentFilter) was introduced. The filter is registered in the following file: <installfolder>/tomcat-app-deploy/conf/web.xml. This filter prevents users from accessing a page, image, script, or any other file without logging in to the product.
Upgrade Action: None
The following jobs have been added to create and manage data that you can use to analyze performance in an Apache Tomcat environment. You can add custom portlets, queries, or externally available content to provide details regarding system performance. Although the job runs for application servers other than Tomcat, no data is created.
This job imports and analyzes Tomcat access log files from the local CA Clarity PPM environment (all app services). The job stores and summarizes the data in the following designated tables:
This job removes the analysis-related data that is stored in CA Clarity PPM. The criterion for removing the data is the LOG_DATE on each of the log analysis tables.
The job is scheduled to run automatically at 1:00 A.M. each day.
Upgrade Action: None
Before Release 13.2.0.1, ODF_AUD_VALUE_FCT returned a value of type Varchar2. With the release of 13.2.0.1, the returned value type was changed to CLOB. This change increases the number of characters that are allowed for auditing multivalued lookups from 4,000 to an unlimited number of characters.
Upgrade Action: Update any reports or portlets that use ODF_AUD_VALUE_FCT.
Cross-Site Scripting (XSS) attacks insert malicious scripts into otherwise trusted web sites. A cross-site scripting attacker uses a web application to send malicious code, generally in the form of a browser-side script, to an end user. These attacks succeed when a web application uses input from a user in the output it generates without validating or encoding the input.
To prevent XSS attacks, XSS user input validation and XSS user input restrictions are in place and managed by CA Technologies. If you require changes to the stock configuration, open a support ticket at support.ca.com.
With input validation, CA Clarity PPM compares the user input to a set of commonly used XSS string patterns. If any part of the user input matches one of the common patterns, CA Clarity PPM restricts the XSS string in the user input. The product restricts the XSS string by placing escape characters before and after the string.
The escape characters are visible to the end user. The characters instruct the browser to ignore any script or HTML tag that is attached to the user input. This output encoding ensures that the user input is treated as text and not as active content that can be executed. This action helps ensure that user input returned to the browser is safe from XSS.
The following options apply to user input validation.
Restricts the XSS string in the user input when the string matches a pattern in the CMN.XSS.PATTERNS option. This system option applies to the entire application, except the URL attributes and site links.
Restricts the URL attribute value (that you created with Studio) when the value matches a pattern in the CMN.XSS.PATTERNS option.
Restricts the site links entry value when the value matches a pattern in the CMN.XSS.PATTERNS option.
Defines the string patterns that are commonly used for XSS.
Upgrade Action: None
You can translate action item names and descriptions that are associated with processes. The advantage is that recipients see the action item in the language set for them.
For example, as the process creator, you translate an action item into all CA Clarity PPM supported languages. When the process is executed, the user working in CA Clarity PPM in French sees the action item in French. The user working in CA Clarity PPM in Turkish sees the action item in that language. This change improves the user experience because the action item is seen in the appropriate language.
You can translate an action item by using the translation icon that appears next to the Action Item Name field. The icon appears after the page for the action item is saved. Clicking the icon opens a dialog that lets you specify different language translations for the Action Item Name and Description fields.
Note: The Action Item translation icon is intended as an administrative tool and appears only for action items that are related to processes. The icon is not available to action item operations that end users perform from the Home menu.
Upgrade Action: None
Copyright © 2015 CA Technologies.
All rights reserved.