Changes made in TRIRIGA as a result of Security Vulnerabilities
doboski
In this day and age, security is a very hot topic, and as soon as one vulnerability pops up and is addressed and mitigated, another one is found. It is a vicious circle of identifying and addressing that does not seem to let up. Our fixpack release notes list information on the mitigation of vulnerabilities that were addressed without an APAR. And sometimes, a vulnerability could be addressed as an APAR.
The reason I am mentioning security vulnerabilities is that sometimes, when they are resolved, the fix affects existing functionality, and that effect may not always be clear. Sometimes, the result of fixing these vulnerabilities can “change” functionality.
As an example, the 3.5.2 release mentions an APAR stating that external URL navigation items will now open in a new window to avoid cross-origin scripting vulnerabilities. Prior to the 3.5.2 release, if you used an external URL in the navigation, it just opened in the same window. We have seen some issues where clients wanted the original design, but that is no longer possible since the change was made as a result of fixing a security vulnerability. The current behavior is correct and cannot be reverted to the old design. So in this case, there was an APAR referenced. But in others, there may not be. You can look at the 188.8.131.52 release notes (found here http
As the product develops and security vulnerabilities are found and addressed, it could mean a change in how something works. Reading the release notes can be a source of information but it may not always be clear why something changed. We all know change is hard, especially when we are so used to it working a certain way. I don’t know about you, but if the change was made to address a security vulnerability, I can live with that and accept the change.