Actions required when upgrading

• In response to CVE‑2025-48976 and CVE‑2025-48988, the Add-on Tomcat introduces new default limits for multipart requests. Specifically, the maximum number of parts in a multipart request is now limited to 50, and the maximum size of all headers per part is limited to 512 bytes.
  Both of these limits may render applications deployed in the Add-on Tomcat non-functional. Such applications communicate with a backend on localhost:7800.
  The Airlock SOAP Filter is not affected by these new limits.
• The Microsoft Mapping templates (Exchange 2016/2019, SharePoint 2016/2019, and WebDAV) have reached end of life. The reasons for this are:
• • Microsoft has discontinued support for Exchange Server 2016 and 2019 as of October 14, 2025, and will end support for SharePoint 2016 and 2019 on July 14 2026.
  • Many customers migrating to OneDrive or similar solutions instead of WebDAV.

• Customers who previously used these Mapping templates can continue to protect their Microsoft applications; however, no new templates will be released for these products.

• The Airlock Splunk App has been discontinued.

Access restriction for REST interface

• The access to the REST interface is restricted to users with the airlock-administrator role. User accounts assigned to any other roles are no longer permitted to access the REST interface.
• Before upgrading to this release, please refer to the known issue description Determine and migrate user accounts for read-only REST API access for guidance on how to identify affected users and migrate them.

• The Add-on Tomcat is automatically uninstalled if no application is deployed.
• The Add-on Tomcat is available in versions 9 and 11, and can be installed if required. For details, see Submenu – Add-on Modules