SVX Documentation
HomepageAPISDK
Current
Current
  • Docs
  • Concepts
    • Digital Identity and Why It's Important
    • Digital Wallets
    • Ecosystems
    • Information Security
    • Personal Data & Attributes
    • Privacy- and Security-by-design
    • Secure Data Storage
    • Selective Disclosure / ZKP
    • Tokens and Tokenisation
    • Verifiable Credentials
    • Terminology
  • Platform
    • Secure Value Exchange
    • Authorisation, Tenant & Organisation Manager (ATOM)
    • Credential Service
    • Decentralised Identifiers (DIDs)
    • Keys
    • Tenants, Organisations, and End-Users
    • Vault
      • Enterprise Vault
    • Portal
    • Wallets
      • Holder Wallet
      • Organisation Wallet
    • Supported Standards
  • Guides
    • Onboarding to SVX
    • API Guides
      • Credentials
        • Credential Schemas
        • Credential Types
        • Issue Credentials
        • Presentation Definitions
        • Presentations
      • DIDs
        • DID Resolver
        • DID Registrar
        • DID Methods
          • did:key
          • did:web
          • did:ebsi
          • did:indy
        • DID Controller Keypair
      • OpenID Connect
        • For Verifiable Presentation
      • Users
        • Inviting End-Users
        • Authenticating End-Users
      • Vault
        • Items and Slots
        • Connections and Sharing
        • Classification Hierarchies
        • Attachments
        • On-sharing & Client Tasks
        • Account Delegation
      • Machine-2-Machine Communication
    • Portal Tutorials
      • Tenant Administrators
        • Onboard to a Tenancy
        • Dashboard and Navigation
        • Manage Account
        • Manage Tenancy
        • Manage Tenant Administrators
        • Manage Organisations
        • Manage Organisation Administrators
        • Credential Schemas
        • Applications
        • End Users
      • Organisation Administrators
        • Manage Organisation
        • Onboarding and Organisation Setup
        • Dashboard and Navigation
        • Manage Account
        • Manage Organisation Administrators
        • Credential Templates
        • View Credentials
        • Verification Templates
        • Verification Requests
        • Connections
        • Applications
    • Wallet Tutorials
      • Wallet Set Up
      • Provider Registration
      • Organisation Configuration
      • Credentials
      • Requests
      • Security
      • Wallet Recovery
  • Tools
    • Meeco SDK & CLI
    • Cryppo SDK & CLI
  • Releases
    • 2.1.3
    • 2.1.2
    • 2.1.1
    • 2.1.0
    • 2.0.0
    • 1.4.3
    • 1.4.2
    • 1.4.1
    • 1.4.0
    • 1.3.8
    • 1.3.7
    • 1.3.6
    • 1.3.5
    • 1.3.4
    • 1.3.3
    • 1.3.2
    • 1.3.0
    • 1.2.5
    • 1.2.4
    • 1.2.3
    • 1.2.2
    • 1.2.1
    • 1.2.0
    • 1.1.0
    • 1.0.0
    • Legacy API-of-Me
  • Policies
    • Privacy
    • Developer Policy
Powered by GitBook
On this page
  • Gateway
  • Portal

Was this helpful?

Edit on GitHub
  1. Releases

1.4.3

Software Release Date: 17 September, 2024

Summary:

In this release, the Gateway now includes the HSTS header in the GET / endpoint, which was missing in version 1.4.1. For the Portal, the default nginx configuration has been updated to hide version information by setting server_tokens off. The Content-Security-Policy has been revised to allow specific sources, ensuring better security. Additionally, a fix was applied to the add_header Content-Security-Policy command to correct its arguments, and new security headers have been added to the nginx configuration.

Gateway

  • HSTS header also added to GET / (was not included in 1.4.1).

Portal

  • Changed:

    • Content-Security-Policy value changed to default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *.meeco.me *.meeco.cloud *.svx.exchange *.securevalueexchange.com *.windows.net *.amazonaws.com *.google.com *.gstatic.com *.googleapis.com cdn.jsdelivr.net.

  • Added:

    • nginx default config added with server_tokens off so that nginx version information is not returned via Server header value.

    • Security headers to 'ngix' config.

  • Fixed:

    • add_header Content-Security-Policy called with correct number of arguments.

Last updated 6 months ago

Was this helpful?