Thank you for your feedback.
Form temporarily unavailable. Please try again or contact docfeedback@servicenow.com to submit your comments.
Versions
  • London
  • Kingston
  • Jakarta
  • Istanbul
  • Helsinki
  • Geneva
  • Store
Close

System security release notes

System security release notes

ServiceNow® system security feature enhancements and updates in the Kingston release.

Changed in this release

  • Encryption Support
    • Create an encrypted field configuration to encrypt the value of an existing String or URL field using the single or multiple encryption context methods.

      The Encrypted Field Configurations [sys_platform_encryption_configuration] table contains a record for each field encrypted with Encryption Support. With the security_admin role, use this table to monitor all fields in the instance that use Encryption Support. Fields that use Encryption Support may include:

      • New or existing Encrypted Text fields.

        On upgrade, encrypted field configuration records are created for all existing Encrypted Text fields. When a new Encrypted Text field is added, an encrypted field configuration record is created by default.

      • String and URL fields included in encrypted field configuration records.
    • Filtering and searching for equality is supported on encrypted fields.
    • When exporting encrypted fields in a list or form to a file format, only fields encrypted by an encryption context available to the current user appear in the exported document.
  • General security settings properties
    • In the System Properties [sys_properties] table, the default value for the glide.ui.attachment.force_download_all_mime_types property is true for new instances, false for upgraded instances.
    • In the System Properties [sys_properties] table, the default value for the glide.security.file.mime_type.validation property is true for new instances, false for upgraded instances.
  • Impersonation logs
    • Log impersonations of non-interactive sessions by setting the glide.sys.log_impersonation.non_interactive property to true.
    • Certain common impersonation tasks performed on behalf of the default users (system, soap.guest, and guest) are not logged, even if the glide.sys.log_impersonation.non_interactive property is true. Exclude additional users by setting the glide.sys.log_impersonation.non_interactive.exclusion property to a comma-separated list of user names.
  • ACL rule types
    • Processor access control list (ACL) rules, UI page ACL rules, and client-callable-script include ACL rules honor the STAR (*) rule if they cannot find a more specific ACL for those resources. For example, if you have a UI page named mysecretpage but do not define any ACL for this UI page, the STAR rule for the UI page processor is used for access check.