Version 3.26 (August 2024)
- Updated on 01 Oct 2024
New features and enhancements
Supported platforms and third-party products
OneSpan User Websites now supports the following products:
Software libraries
OneSpan User Websites now includes the following (updated) third-party libraries:
Apache Commons Lang 3.14
Web servers
OneSpan User Websites can now be run on these web application servers (based on the respective JRE):
Apache Tomcat 9.0–9.0.90 (included)
This version of Apache Tomcat fixes a couple of critical security vulnerabilities, including CVE-2024-34750.
Oracle Server Java Runtime Environment 11
Azul Zulu 11 (included)
Fixes and other updates
Issues OAS‑23559, OAS‑20239 (Support case CS0145136): Cross-site scripting vulnerability
Description: The language HTTP parameter is not properly verified and can potentially be exploited for cross-site scripting (XSS) attacks.
Affects: OneSpan User Websites 3.21–3.25
Status: This issue has been fixed. The HTTP parameter is now properly sanitized and limited to two characters to avoid malicious attacks.
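One way to handle a language request parameter along the lines of the fix described above, as an added example that is not OneSpan's code: the value is restricted to two ASCII letters, matched against an allow-list, and HTML-encoded when written into the page. The class name, the supported-language list and the default language are assumptions made for illustration.

```java
import java.util.Locale;
import java.util.Set;

public class LanguageParam {
    // Assumption: languages the site ships translations for (constructed list).
    private static final Set<String> SUPPORTED = Set.of("en", "de", "fr", "nl");
    private static final String DEFAULT = "en";

    /** Returns a supported two-letter code, or the default for anything else. */
    static String resolve(String raw) {
        if (raw == null || raw.length() != 2) {
            return DEFAULT;                 // enforce the two-character limit
        }
        for (int i = 0; i < 2; i++) {
            char c = raw.charAt(i);
            boolean asciiLetter = (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z');
            if (!asciiLetter) {
                return DEFAULT;             // rejects quotes, angle brackets, non-ASCII
            }
        }
        String code = raw.toLowerCase(Locale.ROOT);
        return SUPPORTED.contains(code) ? code : DEFAULT;
    }

    /** Minimal HTML encoder, applied on output even to validated values. */
    static String htmlEncode(String s) {
        StringBuilder out = new StringBuilder(s.length());
        for (char c : s.toCharArray()) {
            switch (c) {
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#x27;"); break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    public static void main(String[] args) {
        // Constructed inputs: valid, mixed case, unsupported, markup characters, too long, missing.
        String[] samples = {"de", "FR", "zz", "\">", "en-US", null};
        for (String s : samples) {
            System.out.println(s + " -> <html lang=\"" + htmlEncode(resolve(s)) + "\">");
        }
    }
}
```

Every input that is not a supported two-letter code falls back to the default, so nothing taken from the request reaches the markup unchecked.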
Issue OAS‑6600 (Support case CS0047902): Incorrect reference to obsolete properties file (Documentation)
Description: The OneSpan User Websites Administrator Guide refers to a controller.properties file to configure primary and backup OneSpan Authentication Server instances. The referenced properties file is obsolete and no longer exists. Furthermore, instead of editing the properties file directly, administrators should use the OneSpan Web Configuration Tool to configure the OneSpan Authentication Server instances.
Affects: OneSpan User Websites 3.21–3.25
Status: The documentation has been updated.
Deprecated components and features
PDF documentation (Deprecated)
You can already view the user documentation of most OneSpan products online at https://docs.onespan.com/docs/, and we plan to shift exclusively to online documentation.
This means that PDF documentation will be completely removed in future major releases of OneSpan User Websites (currently planned for 3.27).