Platform security release notes

ServiceNow® platform security enhancements and updates in the Istanbul release.

New in the Istanbul release

ACL debugger output
The ACL debugger output shows the results of an additional (fourth) type of ACL check. This is an internal system check using access handlers in the source code on the platform. This is typically used by the platform when a user is accessing a record belonging to a scoped application.
Domain hierarchy validation
The glide.sys.domain.validation_skip_threshold property is available to control which tables the domain validation process can skip. Use this property if domain hierarchy validation takes an excessive amount of time on tables with a large number of records.

Changed in this release

  • HTML Sanitizer: You can use urlAttributes to specify protocols that are not sanitized if they are found in an anchor tag.
  • : You no longer need to create ACLs on fields in the database view.