WorkflowGen v8.3.5

Announcements Release Notes & Downloads
1

Security

  • Enhancement (#4290): Enforced secure mode in cookies when using HTTPS to enhance security for cookie-based authentication and session management.

  • Bug (#4308, #4317): High: Fixed some security vulnerabilities in both the User Portal and the Administration Module (users could not perform unauthorized operations).

  • Bug (#4267): Medium: Resolved a security issue with data access in the follow-up functionality, ensuring proper access control for sensitive information visibility (users could not perform unauthorized operations).

  • Bug (#4277): Medium: Resolved a security issue where Portal delegation was incorrectly granting users higher visibility permissions than intended in certain cases, ensuring proper access control (users could not perform unauthorized operations).

  • Bug (#4293): Minor: Resolved a sanitization issue in the WorkflowGen User Portal RSS feed response, preventing potential security vulnerabilities.

  • Bug (#4292): Minor: Fixed a UI issue in the user profile settings where change user password fields were displayed in non-WorkflowGen authentication modes. This avoids confusion and ensures proper password management only in the WorkflowGen authentication mode.

  • Bug (#4289): Minor: Fixed a security vulnerability in webforms where a temporary relative storage path could be disclosed. To resolve this, update your WorkflowGen’s \wfgen\web.config with:

    <add key="ApplicationSecurityEnableWebAppsSecureMode" value="Y" />
<add key="ApplicationSecurityEncryptionKey" value="CUSTOM_KEY" />

    Important notes:

    • Replace CUSTOM_KEY with at least 32 characters (256 bits) for strong encryption. Use a combination of uppercase and lowercase letters, numbers, and special characters.
    • Clients using custom Visual Studio webforms should be upgrading to and referencing the latest WorkflowGen.My.dll to support this update. If the webform uses its own web.config, the ApplicationSecurityEnableWebAppsSecureMode and ApplicationSecurityEncryptionKey keys should also be redefined there.

Notes

  • All Node.js modules (GraphQL v5.2.0, Webhooks v6.1.7, Auth v3.1.0, and SCIM v3.0.13) continue to require Node.js 18.20.7 LTS.

Installation Packs

WorkflowGen 8.3.5 (Upgrade)
WorkflowGen 8.3.5 (Clean Install - PowerShell)
WorkflowGen 8.3.5 (Clean Install - manual)

Documentation

WorkflowGen 8.3.5 Upgrade Guide: English - Français
WorkflowGen 8.3 PowerShell Installation: English - Français
WorkflowGen 8.3 Manual Installation: English - Français
WorkflowGen 8.3 Technical Guide: English - Français
WorkflowGen 8.3 Administration Guide: English - Français
WorkflowGen 8.3 User Portal Guide: English - Français
WorkflowGen 8.3 Integration Guide: English
WorkflowGen 8.3 for Azure: English - Français
WorkflowGen 8.x for Docker: English - Français
WorkflowGen documentation: English - Français