What’s New
- New security feature blocks all requests to \.well-known\ URIs (returning 404), except for certificate validation (acme-challenge, when enabled) and any other URI explicitly allowed through ServerController.AllowedWellKnownURISuffixes property.
- New internal variable NONCE for templates (was previously announced in IW 16.1.2, but only included in 16.1.3). It will replace any %NONCE% tag with WebApplication.Nonce value at runtime in templates. This is required for scripts and style tags in templates when using CSP
Bug fix
- Setting TIWTemplateProcessorHTML.Variables or StyleAttributesToRemove property at design time could raise an access violation depending on the IDE plug-in being used/registered as a TStrings editor.
- Digest authentication would fail using ISAPI application and IIS configured with Anonymous Authentication method