Important Product Update: Enhanced Security Measures for File Management

As part of our ongoing commitment to security and reliability, we’re introducing an important update to how file paths are managed in both on-premise and Planon cloud environments. This change is designed to reduce risk, improve control, and align with the latest security standards identified by the Planon Security Team.

What’s Changing — and Why It Matters

  • Safer file access - Access to file paths will now be restricted to approved base locations (as configured in File locations). This helps prevent unauthorized or unsafe file references.
  • Streamlined configuration - The Allow user-defined path setting will be removed in version L119, ensuring consistent and secure file path usage across your system.
  • Allowed deviating paths - To designate a trusted path, a new field called Allowed deviating paths will be introduced in File locations (L119). This enables administrators to specify particular, trusted UNC or WebDAV paths that are not part of the standard configuration.

    Note:
    Adding locations to the Allowed deviating paths field is called whitelisting: creating a list of trusted items (e.g., files or URLs) that are explicitly allowed, in order to prevent insecure or malicious access.
  • Cloud vs. On-Premise - This update applies to all customer environments.
  • Why no exceptions? - As this constitutes a security improvement, it is enforced by default and cannot be disabled. Exceptions can only be made through the Allowed deviating paths field.

What You Need to Do

  1. At File locations, run the Download deviating paths list report (see WebHelp). 

    This will result in a Deviating paths list report, listing paths that are not relative to a defined file location. 

    You have two options: 
    - Whitelist the deviating paths in the field Allowed deviating paths (available from L119) 
    - Or make sure the files are stored in a location specified in File locations. 

    If you choose the second option, the paths of files listed in the Deviating paths list report need to be altered.

  2. Review your PSS JavaScript and mail merge templates to check for any deviating file locations, as these are not included in the Deviating paths list report. 

    Again, you have two options:
    - Whitelist the deviating paths in the field Allowed deviating paths (available from L119)
    - Or make sure the files are stored in a location specified in File locations.

    If you choose the second option, the paths in the JavaScript(s)/Mail templates need to be altered.
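
One way to pre-check step 2, as an added example that is not Planon code: it scans script or template text for UNC and WebDAV references and classifies each one against the configured base locations and allowed deviating paths. The sample paths, the function names and the case-insensitive, whole-segment matching rule are assumptions; the product's own matching logic is not described on this page.

```python
import re
from urllib.parse import unquote

# Constructed sample configuration (assumed values, not real Planon settings).
FILE_LOCATIONS = [r"\\fs01\planon\docs"]
ALLOWED_DEVIATING = [r"\\archive01\legacy", "https://dav.example.com/shared"]
# UNC paths (\\host\share\...) and http(s) WebDAV URLs embedded in free text.
PATH_RE = re.compile(r"""(\\\\[^\s"'<>]+|https?://[^\s"'<>]+)""")

def normalize(path):
    """Canonicalize case, separators, percent-encoding and '.'/'..' segments."""
    p = unquote(path).replace("\\", "/").lower()
    scheme, sep, rest = p.partition("://")
    scheme, rest = (scheme, rest) if sep else ("unc", p)
    out = []
    for seg in rest.split("/"):   # empty segments absorb JS-escaped "\\\\"
        if seg == ".." and len(out) > 1:   # never climb above the host name
            out.pop()
        elif seg not in ("", ".", ".."):
            out.append(seg)
    return scheme, tuple(out)

def is_under(path, base):
    """True if path lies inside base; an empty base never matches anything."""
    (ps, pseg), (bs, bseg) = normalize(path), normalize(base)
    return bool(bseg) and ps == bs and pseg[:len(bseg)] == bseg

def classify(path, locations=FILE_LOCATIONS, allowed=ALLOWED_DEVIATING):
    if any(is_under(path, b) for b in locations):
        return "file-location"
    if any(is_under(path, b) for b in allowed):
        return "allowed-deviating"
    return "deviating"

def audit(text, **cfg):  # (path, verdict) for each UNC/WebDAV reference
    found = (m.group(1).rstrip(".,;)") for m in PATH_RE.finditer(text))
    return [(p, classify(p, **cfg)) for p in found]

# Constructed sample: script lines (escaped backslashes) and template lines.
SAMPLE = r'''
var a = "\\\\fs01\\planon\\docs\\contracts\\lease.pdf";
var b = "\\\\fs01\\planon\\docs\\..\\..\\hr\\salaries.xlsx";
var c = "\\\\fs01\\planon\\docs-old\\plan.dwg";
Logo: https://dav.example.com/shared/logo.png
Scan: \\archive01\legacy\1998\scan.tif
'''

if __name__ == "__main__":
    print(*(f"{v:18} {p}" for p, v in audit(SAMPLE)), sep="\n")
```

References reported as `deviating` are the ones to move under a file location or add to Allowed deviating paths; note that `docs-old` and the `..` traversal are both caught because the comparison is done on resolved, whole path segments rather than on a string prefix.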

Additional Notes

  • If the Allowed deviating paths field is empty, no custom paths will be allowed.
  • Files can only be uploaded to the specified file locations.
  • Access to whitelisted paths is permitted for reading purposes only; creating or uploading new files is not allowed there.

If you have any questions or need assistance, please don’t hesitate to log a support ticket.