This Security SyracuseServer fixes vulnearabilities discovered in SyracuseServer 12.19.0. The security risk does not affect previous version of Syracuse. So, please replace SyracuseServer 12.19.0 by SyracuseServer 126.96.36.199.
SyracuseServer 188.8.131.52 fixes two specific risks that have been identified:
- Host management for the “Reset password” link: The hostname management for the “Reset password” link has been reinforced with a hostname whitelist, to protect from hostname highjack.
Allowed host names must be specified in the whitelist in Administration > Global Settings for the reset password URLs to be accepted by Sage X3.
Documentation for this feature will be available shortly.
This hotfix fixes also a wrong translation in french when re-signing.
SyracuseServer 184.108.40.206 is available in portal my.sage.pt: