Fixes Defects:

PI92296,PI94189



This patch contains the following software changes:


PI92296:

   Problem: ClearQuest Web is affected by a "Cross-Site Request Forgery (XSRF or CSRF)" vulnerability.

   Fix: The Cross-Site Request Forgery (XSRF or CSRF)" vulnerability has been fixed.


PI94189:

   Problem: Secure LDAP connections may fail with the error message "CRMMD1826E LDAP operation 'ratl_ldap_ssl_environment_init'
failed with error code 408.  Description: Unknown error" if using v2 stash encryption files.  These v2 stash files are generated with the newer versions of the GSKit such as  8.0.50.79 which is shipped with IBM HTTP server 8.0.50.79.

   Fix: ClearQuest is now shipped with version 8.0.50.88 of the GSKit which supports the v2 stash encryption file format.