Changelog

4.15.2

Fixed Issues

[SECMAN‑1772]

Service information might be available to unauthorized users

4.15.1

Fixed Issues

[SECMAN‑1736]

Error when initiating SAML Web SSO

4.15.0

New Features and Improvements

[SECMAN‑1705]

Introduce CSRF token mechanism in admin JSPs

[SECMAN‑1698]

Authenticate against federated ArcGIS Server

[SECMAN‑1694]

Provide properties to add flags "Secure" and "SameSite=Strict" to domain cookie

[SECMAN‑1397]

Allow CORS configuration in application.properties

[SECMAN‑1177]

Enable token authentication on ArcGIS Server services by default

[SECMAN‑1117]

Don’t use JSESSIONID in URLs to transmit session ID

Fixed Issues

[SECMAN‑1734]

AGS MapServer parent layer links not rendered correctly

[SECMAN‑1732]

Classbreaks elements not rendered correctly on service directory HTML pages

[SECMAN‑1725]

Server error 500 when navigating to enforcement point

[SECMAN‑1695]

Context files written by installer do not contain "useHttpOnly=true"

[SECMAN‑1621]

Layer metadata displays name of and links to forbidden layers

[SECMAN‑1256]

ArcGIS token security allows ArcGIS Server with /arcgis substring only

[SECMAN‑1127]

agstoken and token endpoint is available without token under some circumstances