This public hotfix for Password Manager 5.9.3 (including AD LDS version) addresses the following issues:
When a PM service account is different than that of the logged in user account, installation of hotfix resets and locks the service account credentials.
In the self-service site, partial username search displays the self-service tasks even if Disable user search on Self-Service site for external network. Defining Corporate IP Address Range from General Settings is required option is selected.
When security questions are selected as the registration mode, Access is Denied error occurs while saving Q&A profile from the PMUser site.
Maximum Password Age configured as part of PM Password Policy, does not allow user to change password when user's password expires or when user's last password change duration is greater than Maximum Password Age.
Reminder to Change Password and other scheduled tasks are failing on both the replication instances.
Web Interface customisations made in the PMAdmin site are not reflected in the PMUser site.
User cannot complete registration from Self-Service site if "Personal contact method" is selected during registration.
Cross site scripting vulnerability in PM versions 5.8.2 and 5.9.3.
Defects 228256, 224128, 227358, 230900, 232148, 235469, 237830, 217557, 236820
Please download the hotfix here.
UI customizations will be lost during hotfix installation. If you have done any UI customization, before installation back up the current configuration by doing one of the following:
If you have customized the product settings in the below configuration files, before installing the hotfix back up the following files and re-configure them in the latest files after the installation of hotfix:
If you have customized any of the Password Manager files, then before installing the hotfix back up the customized file and re-configure the customizations in the latest files after the installation of hotfix.
NOTE: Enable sticky session if you are hosting any site on the load balancer, as
Admin, Helpdesk, and Self-service sites use session state management