| BUG | Category | Notes |
|---|---|---|
| 3095 | PA-DSS | The application does not properly set cache-control directives in its responses. |
| 3097 | PA-DSS | Change default SSL cipher list to remove ciphers with known weaknesses. |
| 3099 | PA-DSS | Change network isolation (SNIF) description from Telnet to NativeCOM for PA-DSS compliance. |
| 3101 | PA-DSS | Sensitive Post Returns HTTP 200. |
| 3102 | PA-DSS | Added HTTP Cookie support. Added STSESSID session ID using an HTTP Cookie. PA-DSS requirement. |
| 3130 | PA-DSS | Added additional input validation for general string input fields. |
| 3131 | PA-DSS | Sensitive Data Transmitted Unencrypted. |
| 3135 | PA-DSS | Secure Cookie Options Not Used |
| 3136 | PA-DSS | Added the AUTOCOMPLETE=OFF attribute to the password type HTML input fields. |
| 3138 | PA-DSS | Sensitive Information in Server Response. |
| 3147 | PA-DSS | Identity certificate uses SHA1 with RSA encryption. |
| 3154 | PA-DSS | Bumped FCF values for IPG products to indicate using HTTPS only with Basic auth and hashed password encodings for PA-DSS 3.0 compliance |
| 3154 | PA-DSS | Updated to use HTTPS only with BASIC auth and hashed password encodings for PA-DSS 3.0 compliance. |
| 3154 | PA-DSS | Update product configurations to support HTTPS only with the hashed password encoding. |
| 3154 | PA-DSS | Updated to suppress the warning when no SSL FQDN is supplied when acting as the server. This avoids filling the system trace log with warnings for each HTTPS request. |
| 3154 | PA-DSS | Fix issue that could cause a back-to-back 401 unauthorized when the unit has been idle and a different client connects with a cookie and authentication. |
| 3173 | OpenSSL | Update to OpenSSL 1.0.2d. Includes TLS 1.2 support |
| 3179 | File system | Added Comodo Root certs to file system |