[SECURITY] - Feb. 2022

Ryan Carrie shared this announcement 2 years ago

Security Fixes as of Feb. 2022

A number of Security fixes and enhancements are available in our current releases below:



Please review the security change log below for more details. Full release notes are available on the Yellowfin Wiki - Release Notes page. We recommend upgrading at the earliest opportunity, with our best practices in mind.

Hop on over to the Yellowfin portal to download your update today.

| Issue Type | Key | Priority | Change Log Comments |
|---|---|---|---|
| Enhancement | 21726 | Medium | Upgraded the Apache XML Graphics Commons library to version 2.6. |
| Bug | 21856 | High | Upgraded PDFBox libraries to version 2.0.24. |
| Enhancement | 22188 | Medium | Upgraded the JSch library from 0.1.55 to 0.1.63 to support more ciphers. |
| Bug | 22238 | Highest | Resolved an issue where if a problem produced the JDBC error message during Yellowfin installation, the error message would also display the DB password. |
| Bug | 22696 | High | Resolved a potential security vulnerability with the input area of report approval messages. |
| Bug | 22697 | Medium | Resolved a potential vulnerability with approval folders. |
| Bug | 22698 | Medium | Resolved an issue that could potentially bypass the approval step before publishing reports to private folders. |
| Bug | 22748 | Medium | Resolved a potential security vulnerability when retrieving the list of discussion group members. |
| Bug | 22758 | High | Resolved a potential security vulnerability in email templates. |
| Bug | 22827 | Highest | Addressed a potential vulnerability with the quick login functionality. |
| Bug | 22950 | Highest | Resolved an issue that would prevent Access Filters from functioning correctly if a certain combination of cached filters were applied. |
| Bug | 22969 | High | Upgraded the Apache Commons Compress library to version 1.21. |
| Bug | 23020 | High | Upgraded the jsoup library to version 1.14.2. |
| Bug | 23021 | Highest | Upgraded the XStream library to version 1.4.18. |
| Bug | 23426 | High | Upgraded Apache XMLSec library to version 2.2.3. |
| Enhancement | 23482 | Medium | Optimized loading times for the Browse page by refactoring how restricted table columns are queried. |
| Bug | 23832 | Highest | Resolved an issue that would cause users to retain access to dashboards after being removed from a user group until the instance was restarted or the caches were cleared. |
| Bug | 23912 | Highest | Upgraded the Apache Log4j library to version 2.15.0. |
| Bug | 23956 | Highest | Upgraded the Apache Log4j library to version 2.17.0. |
| Bug | 23992 | Highest | Upgraded the Log4j library to version 2.17.1. |

Looking at upgrading to 9.7 from 8 or previous versions? Please reach out to us as we’d love to assist you with any queries you have.


The Yellowfin Team
