Release date: 8 March 2021
Bug Fixes
- The FileSystem bucket provider was previously enabled by default on new installations and disabled on upgrades. For security reasons related to the risk of exposing sensitive areas of an operating system configuration and settings, we now discourage the use of FileSystem. Therefore, the provider is now disabled by default in both new installation and upgrade scenarios.
A new web.config setting is available to control the use of FileSystem buckets: Buckets.FileSystem.Allowlist. Because FileSystem is now disabled by default, if you nevertheless decide to opt for this provider, you first need to enable it, and then explicitly specify the FileSystem locations you want to make available for storage using the new setting. Buckets.FileSystem.Allowlist has no default value, so no FileSystem paths can initially be used. Only paths subsequently added to this allowlist by the administrator are accessible.
Please refer to Using the FileSystem Storage Allowlist Securely before configuring Buckets.FileSystem.Allowlist.
We have added two new parameters to the Publish-Orchestrator.ps1 script to help you manage the bucket providers you opt for: bucketsAvailableProviders and bucketsFileSystemAllowlist. For more details, see Publish-Orchestrator.ps1 Parameters.
The Platform Configuration Tool performs new checks targeting FileSystem buckets. Specifically, the tool looks for all FileSystem buckets and ensures that their root path is configured in the Buckets.FileSystem.Allowlist app setting. To find out more about these checks, refer to the Platform Configuration Tool page.
- No authentication was required to access Orchestrator storage if the file path was known. This behavior no longer occurs.