Allowed deviating paths
As part of our ongoing commitment to security and reliability, we’re introducing an important update to how file paths are managed in both on-premise and Planon cloud environments.
This change is designed to reduce risk, improve control, and align with the latest security standards identified by the Planon Security Team.
What is changing (L119)
• Safer file access
Access to file paths will now be restricted to approved base locations (as configured in File locations). This helps prevent unauthorized or unsafe file references.
• Streamlined configuration
The Allow user-defined path setting will be removed in version L119, ensuring consistent and secure file path usage across your system.
• Allowed deviating paths
To designate a trusted path, a new field called Allowed deviating paths will be introduced in File locations (L119). This enables administrators to specify particular, trusted UNC or WebDAV paths that are not part of the standard configuration.
 | Adding locations to the Allowed deviating paths field is called whitelisting: creating a list of trusted items (e.g., files or URLs) explicitly allowed to prevent unsecure or malicious access. |
• Cloud vs. On-Premise
This update applies to all customer environments.
• Why no exceptions?
As this constitutes a security improvement, it is enforced by default and cannot be disabled. Exceptions can only be made through the Allowed deviating paths field.
How to prepare
1. At File locations, run the Download deviating paths list report (see Download deviating paths list).
This will result in a Deviating paths list report, listing paths that are not relative to a defined file location.
You have two options:
1. Whitelist the deviating paths in the field Allowed deviating paths (available from L119) .
2. Or make sure the files are stored in a location specified in File locations.
If you choose this option, the paths of files listed in the Deviating paths list report need to be altered.
2. Review your PSS JavaScript and mail merge templates to check for any deviating file locations, as these are not included in the Deviating paths list report.
Again, you have two options:
1. Whitelist the deviating paths in the field Allowed deviating paths (available from L119) .
2. Or make sure the files are stored in a location specified in File locations.
If you choose this option, the paths in the JavaScript(s)/Mail templates need to be altered.
Note
• If the Allowed deviating paths field is empty, no custom paths will be allowed.
• Files can only be uploaded to the specified file locations.
• Access to whitelisted paths is permitted for reading purposes only; creating or uploading new files is not allowed there.
Recommendation
In Reporting, to ensure that images will be displayed when running a report, Planon recommends to place images in the same folder as the template.
For more information and an example, see Images in templates (Reports)
For Self-Service, this mainly affects file upload locations. Here, you should place files in folders that are whitelisted or are a specified as a file location.