Sage X3

Welcome to the Sage X3 Support Group on Community Hub! Available 24/7, the Forums are a great place to ask and answer product questions, as well as share tips and tricks with Sage peers, partners, and pros from around the globe.

Announcement!

This is a notification for product news or an alert. If you have a question, please start a new discussion

ALERT : Syracuse Server 12.19.3.4 (Security hotfix for 2023 R2)

Posted By chris hann 5 months ago

This Security Syracuse Server release fixes vulnerabilities discovered in Syracuse Server 12.19.0.

The security risk does not affect the previous version of Syracuse. Please replace Syracuse Server 12.19.0 with Syracuse Server 12.19.3.4.

Syracuse Server 12.19.3.4 fixes two specific risks that have been identified:

JavaScript Vulnerability
Host management for the “Reset password” link: The hostname management for the “Reset password” feature has been reinforced with a hostname allowlist to protect from hostname hijacking. Allowed host names must be specified in the allowlist in Administration > Global Settings for the reset password URLs to be accepted by Sage X3. (Documentation for this feature will be available soon)
This hotfix also addresses a translation issue with the French language on login.

Following the Sage X3 Security Best Practices reduces security risks. However, we strongly advise you to apply all security patches issued by Sage.

To access this download, visit our Sage Knowledgebase Site HERE, then scroll down to locate the 2023R2 (12.0.34) downloads. Once you select the download link, you will be prompted to login to your Sage Portal Account.

Sage X3

ALERT : Syracuse Server 12.19.3.4 (Security hotfix for 2023 R2)

COMMUNITY

COMPANY

PARTNERS

SUPPORT & TRAINING