Security Settings
To allow users with Internet Explorer to access Stages, set the global.secureMode.IEAccess
config property in config.xml
either to non_root
(= all users except root) or all_users
.
Unmanaged HTML sections in descriptions are an inherent security risk, because process modelers could open the system up to XSS vulnerabilities. Therefore, those features were disabled by default.
To reenable the handling for unmanaged HTML sections in descriptions, set the process.description.displayUnmanagedSections.enabled
and legacy.description.migration.unmanagedSection.templates properties
to true
in config.xml
.
We highly recommend to make those changes only if their impact on security is well understood.