The TRIRIGA application allows the upload of malicious file types, such as scripts, malware, and Trojans. A malicious user can run commands on the server, using an uploaded shell which will have adverse impact. The TRIRIGAWEB.properties setting IMPORT_CONTENT_INCLUDE_EXTENSIONS is non-functional, allowing users to upload malicious files.
The TRIRIGAWEB property IMPORT_CONTENT_INCLUDE_EXTENSIONS was not being honored in the Document Manager. If INCLUDE rules are set in the TRIRIGAWEB.properties, they will now be honored.