This is a notification for product news or an alert. If you have a question, please start a new discussion

Sage X3: Hotfix - Syracuse Server

This Security SyracuseServer fixes vulnearabilities discovered in SyracuseServer 12.19.0. The security risk does not affect previous version of Syracuse. So, please replace SyracuseServer 12.19.0 by SyracuseServer

SyracuseServer fixes two specific risks that have been identified: 

  • JS / command-line-injection: Allows an untrusted user to run malicious shell commands through JavaScript injection.
  • Host management for the “Reset password” link: The hostname management for the “Reset password” link has been reinforced with a hostname whitelist, to protect from hostname highjack.
    Allowed host names must be specified in the whitelist in Administration > Global Settings for the reset password URLs to be accepted by Sage X3.
    Documentation for this feature will be available shortly.

This hotfix fixes also a wrong translation in french when re-signing.

SyracuseServer is available in portal