HTTP Host Header Protection
To improve security, Digital.ai Release 23.1 and later includes measures to prevent HTTP Host Header Injection attacks from causing random redirects. You can now add the white-listed host names to the hostnames key in the xl-release.conf file.
Configure SSL Options for HttpRequest
This topic covers SSL options for HttpRequest, which are settings that enable secure communication between clients and servers.
Manage Encrypted Passwords in Release
Release provides a mechanism to automatically encrypt passwords and enables you to refer to them, so you do not need to store third-party passwords in plain text in configuration files.
Update the Digital Certificate
The Release Setup Wizard can generate a self-signed digital certificate for secure communications.
Trust a Deploy Server's Certificate
This topic provides information about creating and configuring a truststore, importing certificates, and adjusting Release settings to ensure secure communication with the Deploy server.
Use Passwords Variables in a Remote Script Task
Release prevents the improper usage of passwords by allowing password type variables to be used only in password fields.
Configure HTTP CSRF Protection
This topic covers Cross-Site Request Forgery (CSRF), a class of attack that forces an authenticated end user to execute unwanted actions on an application. You can configure CSRF protection in Release.
Configure HTTP sameSite Cookie Configuration
This topic explains the sameSite attribute for session cookies in Digital.ai Release 22.1 and later, enhancing security by restricting cookies to first-party or same-site contexts.
Configure Pendo Analytics and Guidance
Pendo.io is a Product Analytics platform used in Release to enrich the product experience and provide insights to the product management team.
Security Properties File
The security.properties file lets you override some of the default JVM settings based on your requirements. For example, you can override the default JVM values for parameters such as networkaddress.cache.ttl and networkaddress.cache.negative.ttl.
Security FAQs
What are the implications of deprecating TLS protocol versions 1.0 and 1.1?