Quantum Fabric Docker Containers Hotfix 9.7.1.3

Enhancements

• To avoid Session Fixation attacks, the JSESSIONID regenerates every time a user loads the login page.
• To avoid privilege escalation, client details are now bound to the session. Therefore, the JSESSIONID of one user cannot be used by other users.

Fixed Issues

• Fixed an issue where active user sessions were not invalidated after changing the user password.
• Fixed an issue where user input was not validated appropriately.
• Upgraded the following components to fix vulnerability issues:
  • AngularJS
  • JQueryUI
  • CodeMirror
  • JQuery Migrate