Yellowfin Security Fixes - July 2021
Yellowfin has released a number of security fixes and enhancements in versions 9.6 and 8.10, which are available now for download.
Please visit the Yellowfin portal to access these releases, and subscribe at the top right to enable notifications for Security Announcements.
Customers are encouraged to upgrade their environments to benefit from these changes. As always, please keep in mind our best practices when making any changes to your instance.
Security Fixes / Enhancements:
| 21961 | Resolved an issue that would prevent client organisation reports from launching if CSRFFilter was enabled. |
| 21832 | Resolved a potential access control issue on private discussion streams. |
| 21626 | Upgraded the Underscore library to version 1.13.1. |
| 21464 | Resolved a potential security issue with the translation import/export page. |
| 21326 | Resolved a potential security issue when adding users through the User Import window. |
| 21323 | Resolved a potential security vulnerability with the activity stream. |
| 21261 | Resolved a potential security vulnerability when exporting reports to PDF and DOCX formats. |
| 21229 | Resolved a potential security vulnerability in the Story Editor. |
| 21228 | Resolved a potential security vulnerability in the Story Editor controls. |
| 21151 | Addressed a potential XSS issue with custom header and footer includes. |
| 19840 | Added a nonce to every application request to prevent duplicate submissions. |
| 13108 | Resolved an issue that would allow edit access to views stored in a secure folder. |
| 13060 | Improved security by implementing a feature that allows the two-way encryption key to be replaced with a custom key. |
For a full list of release notes, including breaking changes, please visit the Release Notes page on the Yellowfin Wiki.