Comflow 2.24 Technology changes
This is a short summary of technology changes for 2.24.
Major upgrades of Technology
•Upgrade of Studio to Java 17, while the runtime is still compiled to 1.8
•Upgrade to Tomcat 9
•Upgrade of Eclipse to 4.22
•Upgrade of OSGi version
•Upgrades of libraries, like Quartz, Pojo, Axis 2 and Hazelcast
Upgrades of security
The upgrade to Java 17 increases security at the OS level, even though compilation is against 1.8.
The upgrade to Tomcat version 9.0 adds more security features, i.e. stopping the following:
- AJP File Inclusion
- Denial of Service vulnerability
- h2c request mix-up vulnerability
- Remote Code Execution via Deserialization
- HTTP Request Smuggling
- Authentication Vulnerability
- Remote Code Execution Vulnerability
Upgrades of Comflow libraries
- Updated the JavaScript libraries jQuery and Dojo, which had known vulnerabilities, to secure versions: 1.10.4 and 1.17.2 respectively.
Changes in Comflow
- Added an extra request wrapper in Comflow to detect and protect against Cross-Site Scripting (XSS).
- Prevented exposure of verbose error messages such as stack traces, debugging information, or other technical details.
- Clickjacking is not allowed: the Tomcat startup configuration sets X-Frame-Options to SAMEORIGIN and X-Content-Type-Options to nosniff.
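One way to check a response for the header values and the error-message behaviour listed above, as an added example that is not Comflow code. The sample responses and the `com.example` class name are constructed, and the stack-frame pattern is an assumption about what a leaked Java trace looks like.

```python
import re

# Header values the release note states for 2.24 (compared case-insensitively).
EXPECTED = {"x-frame-options": "sameorigin", "x-content-type-options": "nosniff"}
# Assumed shape of a leaked Java stack frame: "at pkg.Class.method(File.java:42)".
STACK_FRAME = re.compile(r"^\s*at\s+[\w.$<>]+\([\w.$]+(?::\d+)?\)", re.MULTILINE)

def parse_response(raw):
    """Split a raw HTTP/1.1 response into ({name: [values]}, body)."""
    head, _, body = raw.replace("\r\n", "\n").partition("\n\n")
    headers = {}
    for line in head.split("\n")[1:]:          # skip the status line
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers, body

def audit(raw):
    """Return a list of findings; an empty list means the response passes."""
    headers, body = parse_response(raw)
    findings = []
    for name, want in EXPECTED.items():
        values = [v.lower() for v in headers.get(name, [])]
        if not values:
            findings.append(f"{name}: missing")
        elif set(values) != {want}:
            # Catches a wrong value and also conflicting duplicate headers.
            findings.append(f"{name}: expected {want}, got {values}")
    if STACK_FRAME.search(body):
        findings.append("body: Java stack trace exposed")
    return findings

# Constructed sample responses (not captured from a Comflow server).
GOOD = ("HTTP/1.1 500 \r\nX-Frame-Options: SAMEORIGIN\r\n"
        "X-Content-Type-Options: nosniff\r\n\r\nAn internal error occurred.")
BAD = ("HTTP/1.1 500 \r\nX-Frame-Options: SAMEORIGIN\r\nX-Frame-Options: DENY\r\n\r\n"
       "java.lang.NullPointerException\n\tat com.example.Handler.run(Handler.java:42)\n")

if __name__ == "__main__":
    for label, raw in (("good", GOOD), ("bad", BAD)):
        print(label, audit(raw) or "ok")
```

Error pages are worth checking as well as normal pages, since a header set only on successful responses leaves the error path unprotected.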