CASE PM-68678-19-201876

In the archives web.config of the Aranda PassRecovery sites, the following policies have been added script-src 'self' 'unsafe-inline' 'unsafe-eval' and object-src 'none' to the Content-Security-Policy (CSP) as a security improvement measure, ensuring a robust content security policy. The configurations are as follows:

Values are included script-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self'; object-src 'none' ; Inside the label Content-Security-Policy in the archives web.config of the Aranda PassRecovery Administration (APRADMIN) and Users (APRUSERS) web consoles.

Value Included default-src 'none' ; Inside the label Content-Security-Policy on file web.config of the Aranda PassRecovery API (APRAPI).

⚐ Note: Content Security Policy (CSP) settings that include the ‘unsafe-inline’ and ‘unsafe-eval’ options are essential for the proper functioning of the tool, as they allow the execution of necessary scripts from a third-party library.

AngularJs Version Update

The version of AngularJs is updated to 1.8.8 in the Aranda PassRecovery User Console (APRUsers) in order to align the application to the latest available version of this library.

This update requires that stored browsing data (cache and cookies) be deleted to avoid compatibility conflicts with the new version when using the console.

⚐ Note: AngularJS is a library that has finished its official maintenance cycle. However, Aranda Software has extended support for this version, which allows it to be kept operational and aligned with the needs of the application.

⚐ NOTES OR ADDITIONAL INSTRUCTIONS

• Run the “Aranda.PassRecovery.Installer.exe” file and follow the instructions in the installer.
  
• The executable file functions as both an installer and an update tool.
  
• This update applies only to databases in version 8.0.169.