Patch versions of Access Analyzer and its Access Information Center (AIC) module are now available. These updates resolve security-related issues and include additional enhancements.
A separate security advisory related to this release has been published. View the full advisory here:
Do you want to be notified of future product updates?
Are you subscribed to this category? If not, or if you're not sure, expand me to see how!
Bug Fixes and Miscellaneous Updates
Access Information Center (AIC)
- Bug 380555: AIC allowed the
urlparameter in the/v2/loginendpoint to contain an absolute URL. - User Story 379216: Added support for Entra ID SSO to AIC login.
Case #438
Web Server
- Bug 380556: Reporting Web Server allowed the
ReturnUrlparameter in the/loginendpoint to contain an absolute URL.
Need help with this update?
There are many different ways to get help with our products!
| Situation | Action |
|---|---|
| If you feel the product is broken and not working as intended… | Contact Support |
| If you have a question you’d like to ask other experts… | Create a discussion in the community: Access Analyzer > Discussions & Questions |
| If you have a feature request… | Let our product team know directly: Access Analyzer > Ideas |
| If you have something cool to show… | Show everyone what you built: Access Analyzer > Show & Tell |
What are your thoughts?
We are always happy to hear from our users on what you like, and what you hope to see in the future. Please, share your thoughts below!