Version 9.7.1 Release Notes

Release 9.7.1

The following describes the new features and improvements introduced in RiskVision version 9.7.1, released in March 2023.

Warning:
An issue in RiskVision version 9.7.1 is causing the cross-site scripting security fix in the Hyperlink Enablement feature from version 9.6 to malfunction. 
We have created a patch that will fix the Hyperlink issue. Customers upgrading to RiskVision version 9.7.1 and using this Hyperlink feature will require a patch to get the hyperlink feature working. Please contact our Support team for the RiskVision version 9.7.1 Hyperlink patch.

Third-party Updates

RiskVision now utilities the following versions for Third-party integration to apply security enhancements.

  • Apache Tomcat® Version 8.5.85
  • MySQL™ Version 5.7.39
  • Oracle® 19c
  • Jasper Version 8.0.3
  • Apache® Version 2.4.54
  • Amazon Correcto Version 1.8.0.342
  • Apache OpenOffice 4.1.13
  • Log4j 2.19

Login Security Enhancement

RiskVision has implemented a rate limitation on login attempts. Implementing this fix will prevent brute-force attacks on your system.

Fix for Stored Cross Site Scripting (XSS) Vulnerabilities

RiskVision has implemented fixes to Stored Cross Site Scripting (XSS) vulnerabilities within the More Information section in the Threat & Vulnerability Manager section and the Access the Delegation message parameter within User Settings.


General Enhancements

Description

TAA Compliant Artifacts were built and verified for RiskVision 9.7.1 North America.

Increased the maximum character limitation from 80 to 255 characters when adding a new role in External Authentication.