[SECURITY] - Feb. 2022
Security Fixes as of Feb. 2022
A number of Security fixes and enhancements are available in our current releases below:
9.7.1
8.0.11
Please review the Security change log below for more details. Full release notes are available on the Yellowfin Wiki - Release Notes page. We recommend upgrading at the earliest opportunity, with our best practices in mind.
Hop on over to the Yellowfin portal to download your update today.
Issue Type | Key | Priority | Change Log Comments |
---|---|---|---|
Enhancement | 21726 | Medium | Upgraded the Apache XML Graphics Commons library to version 2.6. |
Bug | 21856 | High | Upgraded PDFBox libraries to version 2.0.24. |
Enhancement | 22188 | Medium | Upgraded the JSch library from 0.1.55 to 0.1.63 to support more ciphers. |
Bug | 22238 | Highest | Resolved an issue where, if a problem produced a JDBC error message during Yellowfin installation, the error message would also display the DB password. |
Bug | 22696 | High | Resolved a potential security vulnerability with the input area of report approval messages. |
Bug | 22697 | Medium | Resolved a potential vulnerability with approval folders. |
Bug | 22698 | Medium | Resolved an issue that could potentially bypass the approval step before publishing reports to private folders. |
Bug | 22748 | Medium | Resolved a potential security vulnerability when retrieving the list of discussion group members. |
Bug | 22758 | High | Resolved a potential security vulnerability in email templates. |
Bug | 22827 | Highest | Addressed a potential vulnerability with the quick login functionality. |
Bug | 22950 | Highest | Resolved an issue that would prevent Access Filters from functioning correctly if a certain combination of cached filters was applied. |
Bug | 22969 | High | Upgraded the Apache Commons Compress library to version 1.21. |
Bug | 23020 | High | Upgraded the jsoup library to version 1.14.2. |
Bug | 23021 | Highest | Upgraded the XStream library to version 1.4.18. |
Bug | 23426 | High | Upgraded Apache XMLSec library to version 2.2.3. |
Enhancement | 23482 | Medium | Optimized loading times for the Browse page by refactoring how restricted table columns are queried. |
Bug | 23832 | Highest | Resolved an issue that would cause users to retain access to dashboards after being removed from a user group until the instance was restarted or the caches were cleared. |
Bug | 23912 | Highest | Upgraded the Apache Log4j library to version 2.15.0. |
Bug | 23956 | Highest | Upgraded the Apache Log4j library to version 2.17.0. |
Bug | 23992 | Highest | Upgraded the Log4j library to version 2.17.1. |
Looking at upgrading to 9.7 from 8 or previous versions? Please reach out to us as we’d love to assist you with any queries you have.
Regards,
The Yellowfin Team