Resolved Issues
The following issues have been resolved with this release of the Data Sync Server:
Ticket ID | Description | ||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
DS-38670 | Fixed an issue in which the startIndex value for SCIM requests would be incorrect if the used LDAPSearch element had more than one baseDN defined in the scim-resources XML file. | ||||||||||||||||||||||||
DS-38897, DS-38908 | Fixed the following issues, in which the server could have exposed some clear-text passwords in files on the server file system:
In each of these cases, the files were written with permissions that made their contents accessible only to the system account that ran the server. Further, while administrative passwords might have been exposed in the tool invocation log, neither the passwords for regular users nor the data from their entries should have been affected. New automated tests help to ensure that such incidents no longer occur. We recommend changing any administrative passwords that might have been compromised as a result of this issue. If the passphrase for an encryption settings definition might have been exposed, perform the following steps:
You might want to re-encrypt or destroy existing backups, LDIF exports, or other data that is encrypted with a compromised key. You might also want to sanitize or destroy existing tool invocation log files that contain clear-text passwords. |