This Security Syracuse Server release fixes vulnerabilities discovered in SyracuseServer 12.19.0.
The security risk does not affect the previous version of Syracuse. Please replace SyracuseServer 12.19.0 with SyracuseServer 126.96.36.199.
SyracuseServer 188.8.131.52 fixes two specific risks that have been identified:
- Host management for the “Reset password” link: The hostname management for the “Reset password” feature has been reinforced with a hostname allowlist to protect from hostname hijacking. Allowed host names must be specified in the allowlist in Administration > Global Settings for the reset password URLs to be accepted by Sage X3. (Documentation for this feature will be available soon)
- This hotfix also addresses a translation issue with the French language on login.
File name - syracuse-server-184.108.40.206.jar.zip
Following the Sage X3 Security Best Practices reduces security risks. However, we strongly advise you to apply all security patches issued by Sage.