Environment: DevTest 10.3.0 on all platforms. Answer: Yes. Even though the elasticsearch-1.5.2.jar is still delivered with DevTest 10.3.0, code changes resolve the vulnerability at runtime. A new jar will be replacing the outdated jar in a future release.
CA Technologies Support is alerting customers to multiple potential risks with CA API Developer Portal. Multiple vulnerabilities exist that can allow a remote attacker to conduct cross-site scripting attacks.
Issue: Scan report shows Elastic Search vulnerabilities Environment: DevTest 9.1, 10.1 and 10,2 Resolution: Please open a ticket with CA Support, we have a patch for Elastic Search vulnerabilities issue.
Reported in DevTest 10.1.0. Please open a Support case and refer to Defect DE323229.
Introduction How to disable TLSv1 on all DevTest Servers and your Workstation. Background Needing to disable TLSv1 due to a vulnerability with DevTest. Environment All supported releases and platforms. Instructions To disable TLSv1 on all servers then do this on each DevTest...