Skip to main content

 

Planview Customer Success Center

October/November 2021 Release Notes

The November 2021 PBIX Update can be viewed here.

IdeaPlace Release Notes

User Orientation Video

We encountered an issue which blocked the video content from displaying properly in the application. This was rectified by the inclusion of the video link into this content security policy of all Planview IdeaPlace instances.

Security

Cross Site Scripting in CSRF Cookie

Following the identification of an issue relating to the ability to modify the CSRF cookie, we have taken action to prevent this.

During the penetration test, a scenario was identified whereby the CSRF cookie could be modified in order to launch a social engineering attack on a user. In order to remediate this, all headers are now reviewed for proper input sanitization, with filters in place to prevent the insertion of arbitrary code.

Idea Management

Idea Ownership

When changing an idea owner, the application will now automatically subscribe the new idea owner to the idea. This ensures that the new owner receives important updates about their idea.

The outgoing owner will remain subscribed to the idea however as they may wish to receive updates on their progress. They can unsubscribe at any time by visiting the idea page or their profile and selecting Unfollow.