Security changelog
For our customers’ protection, Appspace makes regular security updates to its software. For on-premises customers, it is important that you keep up to date with the latest software release in order to maintain the highest level of security. Below is a table of recent security changes found in Appspace.
Description | Benefit | Platform Area | Available In |
---|---|---|---|
Added Single Sign-On (SSO) support. | Administrators can now configure Appspace to authenticate users with any SAML 2.0 compliant corporate identity provider. | User Authentication | 5.2.0 |
Updated SSO behavior to combat potential vulnerabilities. | Ensures that new types of unauthorized login attempts cannot bypass SSO authentication. | User Authentication | 5.5.1 |
Webpage content now uses HTTP Basic Authentication, with Base64 encoding, when passed to the Appspace App. | Ensures passwords are masked and encoded during transmission to the Appspace App. | Password Security | 5.11.1 |
Masked connection strings and passwords for widgets, and utilized HTTP Basic Authentication with Base64 encoding. | Ensures connection strings and passwords for Workbook, RSS Ticker, RSS Viewer, Table Listing, and Remote Control widgets in signs are masked and encoded during transmission. | Password Security | 5.11.0 |
Improved encryption for data provider passwords. | All connected data provider passwords are encrypted once saved. | Password Security | 5.11.4 |
Enhanced user password complexity and encryption for non-SSO and non-Active Directory accounts. | Password complexity feature generates more secure passwords for new users, which are also encrypted when saved. | Password Security | 5.1.0 |
Updated query methods to guard against SQL injection. | Prevents unauthorized attempts to view, modify, or delete database entries and tables. | Database Security | 5.11.1 |
Updated UserNavigation API. | Prevents the display of exclusive information such as file paths or IP addresses. | API Security | 5.7.2 |
Updated the test method for webpage authentication. | Webpage authentication validation, in the library or in signs, is now processed server-side. | Browser Security | 5.11.4 |
All web form submissions now default to secure connections only. | Forms that contain potentially sensitive information will only be sent through a secure connection. | Browser Security | 5.8.0 |
Removed web response headers from ASP.NET MVC. | Ensures unauthorized attempts to access the Appspace technology stack are prevented. | Browser Security | 5.9.1 |
Implemented segregation of rights on the server side instead of the client side during query execution on applications. | Restrictions are applied on the server side to prevent exploitation of administrator privileges via browser attacks. | General Security | 6.0.1 |
Ensured that by default, all API calls to Appspace cloud-based servers are secure. | Improved security when interacting with Appspace cloud-based servers. | General Security | 5.6.0 |
Improved web services security. | Prevents unauthorized attempts to send a request to a web service and attempts to read the response. | General Security | 5.7.2 |
Encoded AJAX (Asynchronous JavaScript and XML) data when calling Appspace. | Prevents cross-site scripting attacks where user-controllable data is copied into app responses. | General Security | 5.8.0 |