Improved Upload Validation for Maximum Content Security - EPC - WebApp Manual

Technical Support
Disclaimer
FAQs
1.0 Enterprise Process Center
- 1.1 Process Viewing
- 1.2 Collaborative Environment
- 1.3 User Categories
- 1.4 BPMN 2.0
- 1.5 Governance
- 1.6 Performance
2.0 EPC 15.3 Release Notes
- What’s New in EPC 15.3
- Feature Improvements
- Fixed Issues
- 15.3.1 Service Pack
- 15.3.2 Service Pack
- 15.3.3 Service Pack
- 15.3.4 Service Pack
- 15.3.5 Service Pack
- 15.3.6 Service Pack
- 15.3.7 Service Pack
3.0 The Web App
- 3.1 What is the Web App?
- 3.2 What Can I do in EPC Web App?
- 3.3 What is RASCI-VS?
4.0 Navigating the Web App
- 4.1 Logging In
- 4.2 Home & My Dashboard
- 4.3 General Navigation
- 4.4 Process
- 4.5 Performance
- 4.6 Organization
- 4.7 Documents
- 4.8 Risk
- 4.9 Control
- 4.10 Rule
- 4.11 Master Data
- 4.12 Collaboration
- 4.13 Governance
- 4.14 Apps Menu
- 4.15 Glossary
- 4.16 To Do
  - 4.16.1 Module Overview
  - 4.16.2 List
    - 4.16.2.1 Sorting
    - 4.16.2.2 Filtering
- 4.17 Capability
5.0 Search
6.0 Notifications
- 6.1 Notification Organization
- 6.2 Enable/Disable Browser Notifications
  - 6.2.1 Chrome Notifications
  - 6.2.2 Firefox Notifications
- 6.3 Reminders
7.0 Object Governance and Training Assignments
- 7.1 Approval Cycle
- 7.2 Confirmation
  - 7.2.1 Mass Confirmation
- 7.3 Endorsement Cycle
- 7.4 Training
- 7.5 Review Cycle
- 7.6 Attestation
8.0 My Profile
- 8.1 General
  - 8.1.1 User Profile Picture
- 8.2 Preferences
  - 8.2.1 Environment
  - 8.2.2 Displayed Content
- 8.3 Language
- 8.4 Theme Color Setting
- 8.5 Authorizations
- 8.6 Default Font Color
- 8.7 Signature
  - 8.7.1 Add Signature
  - 8.7.2 Remove Signature
- 8.8 Task Delegation
9.0 Environment Admin
- 9.1 Environment Settings
- 9.2 Environment Defaults
10.0 System Admin
- 10.1 General
- 10.2 Environment
- 10.3 Users
- 10.4 Groups
- 10.5 Search
- 10.6 Localization
- 10.7 Risk
- 10.8 Attributes
- 10.9 Advanced
  - 10.9.1 Edit Settings
- 10.10 Home Page Widgets
- 10.11 Diagram Tab – Adding Custom Flow Object Shape
- 10.12 Mobile App
11.0 Icons and Glossary
- 11.1 Icons
- 11.2 Glossary (Key Terms)
12.0 Editing on the Web App
- 12.1 General Edit
- 12.2 Process Edit
- 12.3 Performance Edit
- 12.4 Organization Edit
- 12.5 Documents Edit
- 12.6 Risk Edit
- 12.7 Control Edit
- 12.8 Rule Edit
- 12.9 Master Data Edit
- 12.10 Collaboration Edit
  - 12.10.1 Implement Change Requests
- 12.11 Governance Edit
- 12.12 Glossary Edit
- 12.13 Capability Edit
13.0 AI Capabilities
- 13.1 AI Document Content Mining Parser
- 13.2 AI-Powered Content Generation & Improvement
- 13.3 AI Chat Assistant
- 13.4 AI Mass Impact Recommendations
- 13.5 AI Content Parsing in EPC
14.0 Middleware Bi-Directional Integration Sync Manager
- 14.1 Atlassian Jira Two-way Integration
  - 14.1.1 Creating a Jira Epic and Story From EPC
- 14.2 Essential Projects Two-way Integration
  - 14.2.1 Creating an EA Solution From EPC
- 14.3 Jira Webhook API
- 14.4 Microsoft 365 OneDrive & Microsoft Teams Integration
15.0 EPC REST APIs
- 15.1 Getting Started
  - 15.1.1 Authentication and Token Management
  - 15.1.2 Basic Examples
- 15.2 Use Cases & Examples
- 15.3 API Reference (Swagger)
16.0 Tutorial for EPC
- 16.1 Getting Started
- 16.2 Build a Business Process
- 16.3 Create Inter-Process Links
- 16.4 Create Inputs and Outputs
- 16.5 Publish the Process
- 16.6 Import User & Assign Resource to Role
- 16.7 Approval Cycle
- 16.8 Upload a Document and Assign to Process
17.0 EPC Data Dictionary, ERD & Cognos Reports List
18.0 EPC Mobile App
- 18.1 Getting Started in EPC Mobile: Download & Log In
- 18.2 Navigating EPC Mobile
- 18.3 Offline Mode

To enhance platform security, EPC now verifies all uploaded files to ensure they are safe and match their declared file type. This applies to all uploaded content, including documents and attachments.

What’s New

File Type Validation

EPC now checks that uploaded files match their file extensions.

For example, a file named document.pdf must actually be a PDF and not a file of another type disguised with a .pdf extension.

New Advanced System Settings

UPLOAD_VALIDATE_MEDIA_TYPES (enabled by default)
- When enabled, EPC validates that the file’s content type matches its filename extension.

UPLOAD_ALLOWED_MEDIA_TYPES (optional setting)
- Allows organizations to define which file types are permitted for upload.
  - For example, to only allow PDFs, plain text, or Word files, use:
    application/pdf, text/plain, application/vnd.openxmlformats-officedocument.wordprocessingml.document

Files that do not meet the requirements will be rejected.

For more information on these advanced settings, click here.

*Note: UPLOAD_ALLOWED_MEDIA_TYPES is only enforced when UPLOAD_VALIDATE_MEDIA_TYPES is enabled.

Enhanced Downloads: Files Named Right, Every Time

Upgrades in Governance

Need more help with this?
Visit the Support Portal