[IMPORTANT] Security Fixes - September 2021

Ryan Carrie shared this announcement 2 months ago

Yellowfin has released several security fixes, which are available for download through the Yellowfin Portal.

9.6.1

8.0.10.1

Yellowfin Administrators are advised to upgrade at the earliest opportunity. The upgrade remediates the following:

Key Change Log


22827 Addressed a potential vulnerability with the quick login functionality.
22758 Resolved a potential security vulnerability in email templates.
22748 Resolved a potential security vulnerability when retrieving the list of discussion group members.
22698 Resolved an issue that could potentially bypass the approval step before publishing reports to private folders.
22697 Resolved a potential vulnerability with approval folders.
22696 Resolved a potential security vulnerability with the input area of report approval messages.
22695 Upgraded the JS library TinyMCE to version 5.8.2.
22694 Upgraded Tomcat to 9.0.50 for new installations.
22401 Resolved an issue where the database password would display when installing Yellowfin through the command line.
22238 Resolved an issue where, if a problem produced a JDBC error message during Yellowfin installation, the error message would also display the DB password.
22188 Upgraded the JSch library from 0.1.55 to 0.1.63 to support more ciphers.
21971 Resolved a potential vulnerability in attaching links and videos to comments.
21959 Resolved a potential security vulnerability in user profile image functionality.
21738 Resolved a potential security vulnerability with image access.
21563 Resolved a potential security vulnerability when editing storyboard slide settings.
21465 Resolved a potential security vulnerability with the availability of report detail summary information.
21447 Resolved a potential vulnerability with the handling of data source passwords during the import process.
21368 Resolved a potential security vulnerability with content folder management.
21327 Resolved a potential vulnerability with unauthorised user session access to the Admin Console.
21325 Resolved a potential security vulnerability with the email template.
21324 Improved the security of the Browse page.
21227 Resolved a potential security issue that could arise during the testing of data source connections.
20999 Resolved a potential security vulnerability in the import functionality.
20110 Resolved a potential security vulnerability with the reference code manager.
5182 Resolved a potential vulnerability with storyboard sharing.

Always consider our best practices when performing an upgrade. More details can be found in the Release Notes by clicking your specific version above.