Security Settings

To allow users with Internet Explorer to access Stages, set the global.secureMode.IEAccess config property in config.xml either to non_root (= all users except root) or all_users.

Unmanaged HTML sections in descriptions are an inherent security risk, because process modelers could open the system up to XSS vulnerabilities. Therefore, those features were disabled by default.

To reenable the handling for unmanaged HTML sections in descriptions, set the process.description.displayUnmanagedSections.enabled and legacy.description.migration.unmanagedSection.templates properties to true in config.xml.

We highly recommend to make those changes only if their impact on security is well understood.