Smartstaff, administrator
4,221
edits
Changes
→July 24th 2025 (202507.03)
==Service Packs==
====July 24th 2025 (202507.03)====
* Updated the system to include a new option to enhance security around email addresschanges. The process for updating a user’s email address has been enhanced to meet OWASP security recommendations https://cheatsheetseries.owasp.org/cheatsheets/Authentication_Cheat_Sheet.html#changing-a-users-registered-email-address. If you enable the new option located at '''Global Settings ''' > '''Security ''' tab > '''Enable Profile Email Address Change Verification''', Users will be required to authenticate by entering their password or a verification code before requesting an email address change. Once the request is made, a confirmation email will be sent to the new email address. The user must click the confirmation link in that email to complete the change. These updates align with the OWASP recommendations to help prevent unauthorized changes and improve overall account security. Note: this process does not apply to email updates made by workflows API, autoloaders, or batch update.
<!--SMART-1108-->
* Updated access to lookup pages for increased security. If a user attempts to go directly to a lookup page as found by browsing the options of the “Owner” standard field and other similar lookup fields, they will receive a permission error and will not be able to look up information unless they are logged in or access the page as part of a signup page or template page session. We have also added a new setting at Global Settings > Security tab called “Block access to object lookup page“ which will block access to object lookup pages unless you are logged in for increased security.
