Release Notes 1.6

What’s New

ArcGIS Enterprise 11 Support

security.manager NEXT now supports ArcGIS Enterprise 11. Before upgrading from ArcGIS Enterprise 10 to 11, see the upgrade considerations.

Support for Node.js 18

In order to install the security.manager NEXT CLI via npm, Node.js is required. security.manager NEXT now also supports Node.js 18.x LTS besides 16.x LTS, while support for 14.x LTS has been removed.

Update Notes

If you skip several versions during the update, please also follow all update notes of the intervening versions.

Changed configuration options

proxy.cors.trustedServers

This option is renamed to cors.request.trustedServers. In your application.properties, replace proxy.cors.trustedServers by the new name cors.request.trustedServers. The old name will not work anymore.

Warnings

OGC API Features

With ArcGIS 11.0 and 11.1, on services with activated security.manager NEXT, unauthorized layer information can be exposed via the OGC API Features endpoint. Please deactivate OGC API Features on those services.

Further information can be found under limitations.

Changelog

1.6.1

Fixed Security Issues

SECNEXT-393

Potential bypassing of feature restrictions

SECNEXT-402

Vulnerability via calculate endpoint

Fixed Issues

SECNEXT-387

Feature restrictions on annotation layers are not enforced

SECNEXT-394

Queries containing unbalanced parenthesis are rejected when feature restriction is applied

1.6.0

Fixed Security Issues

SECNEXT-366

Prevent revealing of sensitive information

New Features

SECNEXT-319

Provide compatibility to ArcGIS Enterprise 11.0/1

Fixed Issues

SECNEXT-285

Manager-UI: Layers column is not reset when changing the services filter

SECNEXT-289

application.properties folder is not generated during install

SECNEXT-291

Legend isn’t printed when using layer ID in policy

SECNEXT-293

[IWA - Standalone] Requests of server data from /arcgis/admin interface fail

SECNEXT-308

[Accessibility] - submenu not accessible via keyboard control

SECNEXT-353

Login fails with standalone ArcGIS Server

SECNEXT-358

supportedSpatialRelationships not filtered from "FeatureServer/layers" response

SECNEXT-363

Inconsistent spacing in "Service status" dialog of Manager UI

SECNEXT-367

Requesting thumbnail fails for allowed layer

SECNEXT-371

Querying related records on a field restricted service returns too many entries

SECNEXT-373

Request for feature fails if spatial restriction enabled

SECNEXT-378

Requesting feature attachment for dynamic layer fails