• SSL ciphers.
    • New secure ciphers added.
    • Removed insecure ciphers.
  • Login OPTIONS in HTTP response.
    • Disabled dangerous options & methods on the server (e.g. PATCH).
  • Restrict concurrent sessions to one.
    • For example, users can't log in twice from two different browsers, computers, or in incognito and standard mode.
  • Inadequate session time out for process management tab.
    • Session timeout is now configurable.
  • Updated Apache Tomcat to V. 9.0.85

Bug fixes:

  • MC-7327 - An adversary can exploit the known flaws of any 3rd party API used in the application (reporting framework, etc)
  • MC-7352 - Failed to sign up to Blancco Cloud.
  • MC-7353 - Not able to save changes to workflow with BMC v5.17.0 using MS SQL server.