Develop

[benjamin-lam]

Release Changes 3.2.4

Changed

• Updated CSP Whitelist
• Added deprecated warnings for Heidelpay / CSP

[github-actions]

Checkmarx One – Scan Summary & Details – 1f9d1fae-ece0-4a5a-9060-e238dcf9213f

New Issues (7)

Checkmarx found the following issues in this Pull Request

Severity	Issue	Source File / Package	Checkmarx Insight
	Cx5aa6edea-ffde	Php-phpunit/phpunit-6.2.4	Vulnerable Package
	Missing_HSTS_Header	/Block/System/Config/WebhooksApplepayButtons.php: 91	details The web-application does not define an HSTS header, leaving it vulnerable to attack. Attack Vector
	Client_Hardcoded_Domain	/view/frontend/web/js/view/payment/method-renderer/base.js: 2	details The JavaScript file imported in js in /view/frontend/web/js/view/payment/method-renderer/base.js at line 2 is from a remote domain, which may allow... Attack Vector
	Client_Hardcoded_Domain	/view/frontend/web/js/model/checkout/threat-metrix.js: 41	details The JavaScript file imported in "https://h\.online\-metrix\.net/fp/tags\.js?org\_id=363t8kgq&session\_id=" in /view/frontend/web/js/model/checkout/threat... Attack Vector
	Client_Hardcoded_Domain	/view/frontend/web/js/model/checkout/threat-metrix.js: 46	details The JavaScript file imported in "https://h\.online\-metrix\.net/fp/tags?org\_id=363t8kgq&session\_id=" in /view/frontend/web/js/model/checkout/threat-me... Attack Vector
	Client_Hardcoded_Domain	/view/frontend/web/js/model/checkout/threat-metrix.js: 46	details The JavaScript file imported in "https://h\.online\-metrix\.net/fp/tags?org\_id=363t8kgq&session\_id=" in /view/frontend/web/js/model/checkout/threat-me... Attack Vector
	Client_Use_Of_Iframe_Without_Sandbox	/view/frontend/web/js/model/checkout/threat-metrix.js: 45	details The application employs an HTML iframe at whose contents are not properly sandboxed Attack Vector