Chat now with support
Chat with Support
Self Service Tools
Knowledge Base
My Account
Notifications & Alerts
Product Support
Software Downloads
Technical Documentation
User Forums
Video Tutorials
RSS Feed
Support Essentials
Awards and Testimonials
License Agreement
Support Guide

Identity Manager Product Notification

Return
Critical Alerts
Vulnerability in DOMPurify in One Identity Manager 8.2.x and 9.x local HTML5 documentation.
 
How does this affect me?
When installing the Identity Manager Client Tools, there is an option to install a local HTML copy of the product documentation on the target server. The install is also done by default on servers hosting Identity Manager Web Applications.  
 
This documentation was created using 3rd party software where recently a vulnerability in component DOMPurify version 1.0.11 has been detected.
Resolution
Version specific Hotfixes have been created to address this issue. A transport package is provided to install the hotfix.
 
It is recommended all customers on versions 8.2.x and above install the hotfixes on any servers hosting Identity Manager Web Applications, or that have the optional documentation installed. For more information and to download the hotfix, please see KB 4374509.
 
This issue will be resolved in all future releases.
 
We apologize for the inconvenience this issue may have caused.