You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository has been archived by the owner on Nov 17, 2023. It is now read-only.
Description: Do to a flaw in the Task authorization rule, users authenticated via a valid client certificate from trusted certificate authorities and a corresponding entry in the local DSF allow-list, are able to execute processes that should otherwise not be allowed via the ActivityDefinition authorization extension of the process.
Workaround: Disable access for untrusted organizations by setting Organization.active to false.
The text was updated successfully, but these errors were encountered:
Affected Versions: <= 0.9.1
Description: Do to a flaw in the
Task
authorization rule, users authenticated via a valid client certificate from trusted certificate authorities and a corresponding entry in the local DSF allow-list, are able to execute processes that should otherwise not be allowed via theActivityDefinition
authorization extension of the process.Workaround: Disable access for untrusted organizations by setting
Organization.active
tofalse
.The text was updated successfully, but these errors were encountered: