• Adds two settings "Hide Internal Database Error Message Details" and "Database Default Error Message". When 'Hide Internal Database Error Message Details' is enabled and "Database Default Error Message" is populated with a custom message, that message will be returned in case of a database error. If left empty, a generic error message is returned instead. (R11DT-2561).

• Adds a setting "Enable range validation and timezone invariant DateTime in Mobile/Reactive". Similar to what happens with Null Dates (described in 'Enable timezone shifts for null dates in Mobile/Reactive'), the types Date and Time can also shift when the device timezone changes. E.g. a user has an unsubmitted form with an appointment Time or a Date of birth. Then, daylight saving time changes or they cross a border to another country/state. The Date and Time may shift 1 hour or 1 day causing them to be submitted with incorrect values. To fix this behavior, we reimplemented DateTimes so that only DateTimes are sensitive to timezone shifts. Null Dates, Dates, and Times will always have the same value after being created, regardless of the timezone. E.g. if the user selects an appointment at 7:00:00 AM, this object will always be 7:00:00 AM and won't change to 6:00:00 AM if timezone shifts -1 hour. By default, this implementation revamp includes the fix 'Enable timezone shifts for null dates in Mobile/Reactive'. Additionally, we now impose a validity range between [#1900-01-01 00:00:00#, #3000-12-31 23:59:59#] as officially documented for Date and DateTime. Any new/existing date outside this range is handled as a null date. Finally, when saving any DateTime in the local DB, it is stored in UTC. Please note that this is an opt-in feature to ensure these changes do not affect existing applications that might rely on dates outside the supported range or expect Dates and Times to be affected by timezones. It is advised a careful impact analysis on your applications before enabling this feature. (R11DT-2572)

• Adds a setting "Disable Max Age for Anonymous cookies in Mobile/Reactive" to enable a tentative workaround for a WebKit issue that causes sessions to be randomly lost on Apple devices (usually iOS 17 but also MacOS). More details are available in the release notes of Platform Server 11.28.0. (R11DT-2497).

• Adds two settings "Enforce Unsafe Eval Reactive" and "Enforce Unsafe Inline Reactive" that control the usage of unsafe-eval and unsafe-inline directives in the Content Security Policy of reactive apps. The support for mobile apps isn't yet available. (RPM-3117)

• fixed references to system components

• Added new environment security options to force Secure and SameSite properties in cookies generated by the platform. Check the document Upcoming changes in cookie handling in Google Chrome for more information. (RPC-502)

• Added Session fixation protection
• Added Brute Force Protection configuration (for ServiceCenter and LifeTime)
• Added Update User's Last Login Date on Login
• Changed compiler timeout unit to minutes instead of seconds
• Fixed default value for Expect100Continue

- fixed a minor issue with the default of Expect 100 Continue