[SECURITY] - Feb. 2022
Security Fixes as of Feb. 2022
A number of security fixes and enhancements are available in our current releases below:
Please review the security change log below for more details. Full release notes are available on the Yellowfin Wiki - Release Notes page. We recommend upgrading at the earliest opportunity, with our best practices in mind.
Hop on over to the Yellowfin portal to download your update today.
| Issue Type | Key | Priority | Change Log Comments |
|---|---|---|---|
| Enhancement | 21726 | Medium | Upgraded the Apache XML Graphics Commons library to version 2.6. |
| Bug | 21856 | High | Upgraded PDFBox libraries to version 2.0.24. |
| Enhancement | 22188 | Medium | Upgraded the JSch library from 0.1.55 to 0.1.63 to support more ciphers. |
| Bug | 22238 | Highest | Resolved an issue where if a problem produced the JDBC error message during Yellowfin installation, the error message would also display the DB password. |
| Bug | 22696 | High | Resolved a potential security vulnerability with the input area of report approval messages. |
| Bug | 22697 | Medium | Resolved a potential vulnerability with approval folders. |
| Bug | 22698 | Medium | Resolved an issue that could potentially bypass the approval step before publishing reports to private folders. |
| Bug | 22748 | Medium | Resolved a potential security vulnerability when retrieving the list of discussion group members. |
| Bug | 22758 | High | Resolved a potential security vulnerability in email templates. |
| Bug | 22827 | Highest | Addressed a potential vulnerability with the quick login functionality. |
| Bug | 22950 | Highest | Resolved an issue that would prevent Access Filters from functioning correctly if a certain combination of cached filters were applied. |
| Bug | 22969 | High | Upgraded the Apache Commons Compress library to version 1.21. |
| Bug | 23020 | High | Upgraded the jsoup library to version 1.14.2. |
| Bug | 23021 | Highest | Upgraded the XStream library to version 1.4.18. |
| Bug | 23426 | High | Upgraded Apache XMLSec library to version 2.2.3. |
| Enhancement | 23482 | Medium | Optimized loading times for the Browse page by refactoring how restricted table columns are queried. |
| Bug | 23832 | Highest | Resolved an issue that would cause users to retain access to dashboards after being removed from a user group until the instance was restarted or the caches were cleared. |
| Bug | 23912 | Highest | Upgraded the Apache Log4j library to version 2.15.0. |
| Bug | 23956 | Highest | Upgraded the Apache Log4j library to version 2.17.0. |
| Bug | 23992 | Highest | Upgraded the Log4j library to version 2.17.1. |
Looking at upgrading to 9.7 from 8 or previous versions? Please reach out to us as we’d love to assist you with any queries you have.
The Yellowfin Team