Version 5.0.3
FLASH NEWS - LOG4J VULNERABILITY UPDATED - NOW WITH 2.17.0
-
Log4j Vulnerability - Urgent upgrade of OnTime Strongly Recommended
Apache Log4j2 versions 2.0-alpha1 through 2.16.0 did not protect from uncontrolled recursion from self-referential lookups. When the logging configuration uses a non-default Pattern Layout with a Context Lookup (for example, $${ctx:loginId}), attackers with control over Thread Context Map (MDC) input data can craft malicious input data that contains a recursive lookup, resulting in a StackOverflowError that will terminate the process. This is also known as a DOS (Denial of Service) attack.
IMPROVEMENTS
ONTIME DESKTOP CLIENT
-
Added new favorite marking for public and shared groups. Whenever a public or shared group has the star to the right of the name checked, the group becomes part of the users private groups.
BUG FIXES
ONTIME DESKTOP CLIENT
-
Fixed an issue where private groups that had been deleted were visible until a reload of the browser window.
-
Fixed an issue where dragging entries in the single person view was not active in 5.x.
-
Fixed an issue where users would always start in the single person view after an upgrade of OnTime.
ONTIME ADMIN CLIENT
-
Fixed an issue where the Impersonation user was not saved for new domain configurations.
