Hi everyone,
On Tuesday, September 23rd, we updated the Business Catalyst service to include a series of security updates and minor bug fixes. Please find below the detailed list of changes:
- Require users to confirm their identity by re-entering their admin passwords when updating sensitive information like payment gateways, user accounts, user roles or current user details. This has become a standard security practice that reduces the risk of admin changes being made by unauthorised users. Along with this change, the sensitive information can only be edited over HTTPS.
- Disabled auto-completion on password and password confirm fields in web forms. While this will prevent auto-completion from working for these fields in most browsers, some browsers do not enforce this standard and will still have it enabled.
- We have removed SPF from DNS since it's now deprecated and replaced with TXT fields
- Updated Captcha to include additional security measures preventing DoS attacks
- Added support for all alpha TLD domains to enable users to create email accounts on domains like .marketing, .photography, etc
- Fixed a bug in the Product_UpdateInsert API to correctly escape quotation marks in the product name
- Fixed a typo in the Remove admin user success message
Thank you,
The Adobe Business Catalyst team