... If CSP policy gets applied via Elxis configuration then all inline javascript, CSS and events stop working. This affects everything on the page, elxis build-in extensions, third-party extensions, html content from the editor, etc. This is why Elxis must be able to work under such strict security environment. If any problem arise then it will be on a third party extension (also require update).

It means that in Elxis configuration will exist the option to enable the CSP policy or not?

Inline javascript events get removed in order Elxis to work with strict CSP directives. Many files got modified for this purpose. Most probably not 100% of these events will be removed as they are too many. HTML and javascript get re-written. Even if some inline events get preserved these will not be of critical functionality and they will be removed on a later update.
Currently all frontend section and most of the backend has these inline events removed.

If CSP policy gets applied via Elxis configuration then all inline javascript, CSS and events stop working. This affects everything on the page, elxis build-in extensions, third-party extensions, html content from the editor, etc. This is why Elxis must be able to work under such strict security environment. If any problem arise then it will be on a third party extension (also require update).

Καλησπέρα. Στην προσπάθεια να στείλω ένα Link ενός άρθρου στο messenger για εικόνα μου εμφανίζει πάντα την ελληνική σημαία, αλλάζει αυτό.

Ok, I have used some jQuery

Elxis 5.6 automatically enforces selected password expiration policy. When a user login and has not changed his password for the configured period then Elxis displays him a special page to change his password. The change of the password is required and the user cannot escape this procedure. Also the password must meet the configured complexity pattern. For this feature it was required to develop a new exit page (like 403, 404, etc) called pwchange.

Also in Elxis 5.6: If you try to login 3 times without success Elxis locks your account temporary for 5 minutes. This feature implemented to prevent brute-force attacks (required by security standards).