Unsupported content


This product is in "End of Version Support". However, the documentation is available for your convenience. You will not be able to leave comments.

Skip to end of metadata
Go to start of metadata

This topic provides information about the security enhancements and new features in this release:

Security enhancements for the mid tier

  • You can now log on to BMC Remedy Mid Tier using only HTTP POST requests.
  • You can add an inclusion list of URLs to be redirected to when you log out of the mid tier. To add an inclusion list, add the following property in the <midTierInstallDirectory>/WEB-INF/classes/config.properties file:



    The inclusion list must also contain the mid tier's own URL to allow the mid tier to redirect to itself.

New parameter for encrypting information

BMC Remedy Developer Studio provides the ENCRYPT and DECRYPT functions to encrypt and decrypt data in filters and escalations, securing the operations. By default, only the 56-bit DES algorithm is used for encryption, but you can specify the 256-bit AES algorithm for better security. To enable the 256-bit AES algorithm, add the Workflow-Encryption-Algorithm:x parameter to the ar.cfg or ar.conf file, replacing x with the value that identifies the algorithm:

  • Workflow-Encryption-Algorithm:1 — Enter 1 to use the 56-bit DES algorithm.
  • Workflow-Encryption-Algorithm:7 — Enter 7 to use the 256-bit AES algorithm. 

This algorithm is applied only when you use ENCRYPT function in BMC Remedy Developer Studio.


BMC recommends that you use the 256-bit AES algorithm for better security.

Security restrictions on file uploads

You can now restrict BMC Remedy Action Request System (AR System) users from uploading and viewing files with certain extensions in BMC Remedy Mid Tier and BMC Remedy User Tool. This feature helps prevent users from uploading malicious attachments and viewing them. For more information, see Security restrictions on file uploads.