Community Tip - Have a PTC product question you need answered fast? Chances are someone has asked it before. Learn about the community search. X
Dear community,
We upgraded from Thingworx 9.3.13 to 9.5.2 which mostly worked OK. After restart I am encountering this message in ApplicationLog:
[SECURITY AUDIT Anonymous:@unknown -> /ExampleApplication/org.owasp.esapi.reference.validation.StringValidationRule] Input validation excludes canonicalization. Context: setHeader Input: attachment; filename="plotly-basic.min.js"; filename*=UTF-8''plotly-basic.min.js
I am loading the plotly library (from local repository) on several mashups and the warning shows up whenever the according mashup is loaded. The Mashups work fine.
In Release 9.3.13 we did not receive this warning. I also checked the files ESAPI.properties and validation.properties in ThingworxStorage/esapi folder but they haven't changed.
What is the warning telling me? And more importantly, how do I get rid of this message?
Thank you in advance for any kind of support
Benny
Solved! Go to Solution.
@BennyB .
I believe you need to follow the steps in Article - CS385117 - Excessive OWASP validation logs when export entity collections from ThingWorx
That should address your question.
HTH
Pehowe
@BennyB .
I believe you need to follow the steps in Article - CS385117 - Excessive OWASP validation logs when export entity collections from ThingWorx
That should address your question.
HTH
Pehowe
Hey @PEHOWE ,
many thanks for your feedback. I am not entirely sure what exactly I have done but you are right, the messages are gone. It's in test system now and if we don't encounter related issues it will be deployed to production.
Thank you very much
Benny