Coming this week, the following BTP Services are mostly linked to security improvements that will enhance your BTP environment and also to your developers working on following services.
Modified security recommendations
Some of the security recommendations for SAP Credential Store are now updated, as follows:
Security recommendation BTP-CRS-0001 is deprecated and removed from the list. Reason: Its formulation was quite broad and was not providing clear guidance to the users.
Security recommendation BTP-CRS-0004 is deprecated and removed from the list. Reason: Access to the administration console of the service is not so high of a risk that it warrants a security recommendation.
Security recommendation BTP-CRS-0006 is reworded. Reason: It now reflects the reduced default expiration for new credentials of authentication methods basic and oAuth:key to 60 days.
Security recommendation BTP-CRS-0007 is enhanced. Reason: It now clarifies where and when to use each authentication type to access the REST API of SAP Credential Store.
Security recommendation BTP-CRS-0009 is deprecated and removed from the list. Reason: It has been merged with recommendation BTP-CRS-0006.
The rest of the recommendations have been improved for better readability to make clear when they should be applied.
Connectivity - Destination Service
The Destination service is now integrated with the Alert Notification service (ANS). Currently, you can get notifications for expiring certificate entities which are not enabled for automatic renewal.