x Want to participate? Join the group to interact
Options
  • Locked Locked
  • Replies 0 replies
  • Subscribers 41 subscribers
  • Views 163 views
  • Users 0 members are here
Browse Forums
Novidades
326
topics
25
replies
Fórum Geral
299
topics
140
replies
Announcement!
This is a notification for product news or an alert. If you have a question, please start a new discussion
aurabileu

Sage X3: Hotfix - Syracuse Server 12.19.3.4

Posted By

This Security SyracuseServer fixes vulnearabilities discovered in SyracuseServer 12.19.0. The security risk does not affect previous version of Syracuse. So, please replace SyracuseServer 12.19.0 by SyracuseServer 12.19.3.4.

SyracuseServer 12.19.3.4 fixes two specific risks that have been identified: 

  • JS / command-line-injection: Allows an untrusted user to run malicious shell commands through JavaScript injection.
  • Host management for the “Reset password” link: The hostname management for the “Reset password” link has been reinforced with a hostname whitelist, to protect from hostname highjack.
    Allowed host names must be specified in the whitelist in Administration > Global Settings for the reset password URLs to be accepted by Sage X3.
    Documentation for this feature will be available shortly.

This hotfix fixes also a wrong translation in french when re-signing.

SyracuseServer 12.19.3.4 is available in portal my.sage.pt:

*Community Hub is the new name for Sage City