SECURITY- Fixes as of June 2020

Ryan Carrie shared this announcement 13 days ago

Yellowfin has released a number of Security fixes and enhancements, available in current releases.  These are available in the following.

7.4.14

8.0.6

9.2

Security Fixes / Enhancements:

  • 8573:  Fixed an issue that folder security would not be updated until user next login - Medium
  • 11745:  Fixed a problem that could allow command line to be injected into exported report XLSX files - HIGH
  • 14011:  New access mode for columns at the View: Read Restricted - Enhancement
  • 14756:  Fixed XSS in the View builder - HIGH
  • 17625:  Fixed and issue where an interaction could be made on a content without validation - Low
  • 17857:  Fixed XSS on PDF Export screen - HIGH
  • 18877:  Patch Axis library with fix for CVE-2019-0227 - Low
  • 18942:  Fixes to access controls around Freehand SQL Calculated Fields - HIGH

Please visit the Yellowfin portal to access these releases, and subscribe to announcements via RSS for future Security Notices, as detailed here.

Be sure to review our best practices for performing a Yellowfin upgrade prior to making any changes to your environment.