The Invoke Java operator can now run only on agents. This change removes the potential for an internal user to inadvertently corrupt an Orchestrator with custom code added to this operator. For details on changes to the Invoke Java operator, see Java-Related Improvements.
Communication between CA EEM and CA Process Automation can now be secured with certificates with longer key lengths if you use CA EEM r12.5. For details on support for new certificate lengths, see CA EEM r12.51 Support.
HTTPOnly flag set in Orchestrator session cookies.
Formerly, CA Process Automation Orchestrators did not set the HttpOnly flag when creating session cookies.
Now, as a security enhancement, Orchestrators set the HttpOnly flag when creating session cookies. This helps prevent cross-site scripting and other types of attacks.
