SECURITY- Fixes as of June 2020
Yellowfin has released a number of Security fixes and enhancements, available in current releases. These are available in the following.
Security Fixes / Enhancements:
- 8573: Fixed an issue that folder security would not be updated until user next login - Medium
- 11745: Fixed a problem that could allow command line to be injected into exported report XLSX files - HIGH
- 14011: New access mode for columns at the View: Read Restricted - Enhancement
- 14756: Fixed XSS in the View builder - HIGH
- 17625: Fixed and issue where an interaction could be made on a content without validation - Low
- 17857: Fixed XSS on PDF Export screen - HIGH
- 18877: Patch Axis library with fix for CVE-2019-0227 - Low
- 18942: Fixes to access controls around Freehand SQL Calculated Fields - HIGH
Be sure to review our best practices for performing a Yellowfin upgrade prior to making any changes to your environment.