Release 10.2
MWSSOF-1714
A CSV injection vulnerability was discovered in My webMethods Server.
The issue is resolved.
MWS-22327
My webMethods Server does not support session-based token generation for CSRF tokens.
The issue is resolved. Now you can configure the previously removed functionality for session-based token generation using the My webMethods Server user interface. To enable session-based CSRF token generation:
1. Log in as sysadmin and navigate to Folders > Administrative Folders > Administration Dashboard > Configuration > XSRF Security Configuration.
2. Clear the checkbox for the default setting, which is 'Use secret-based token generator'.
3. Click Submit.
My webMethods Server will now generate CSRF tokens per session.
MWS-22659
Asset Build Environment does not allow the use of third-party libraries when building My webMethods Sever assets.
The issue is resolved. You can now add third-party libraries to use only at compile time for building My webMethods Sever assets.
To include third-party libraries, create a new directory in the root directory of the project, and name that directory 'lib-compile'. Any custom .jar files placed in the 'lib-compile' directory will be used only at compile time, and will not be included in the project build.