A security vulnerability was recently identified and reported to Hyland relating to Alfresco Content Services. We have received and verified three security issues with severity up to critical in our platform.

Supported Alfresco Content Services versions

The Alfresco Content Services Engineering team has created a hotfix for each supported version affected. Supported customers have received an email with hotfix locations and instructions to install. If you are a supported customer and have not received this communication, please submit a support ticket via Hyland Community.

Unsupported Alfresco Content Services versions

If your organization is running on an unsupported Alfresco Content Services version, it is recommended that you upgrade to a more recent Alfresco Content Services version to address the current security vulnerabilities and mitigate future risk.

Please visit this webpage, and a Hyland team member will reach out to discuss upgrade options. In the meantime, learn more about the Alfresco Cloud, our fully managed platform, and our latest on-premises  version Alfresco Content Services 7.0.1. 

Additional information

If you have questions on whether you are on a supported or unsupported Alfresco Content Services version, visit the Product Support Status page.

Additional security information related to the issues will be publicly disclosed when the common vulnerabilities and exposures (CVEs) are assigned. 

Hyland will continue to notify you of opportunities to enhance your Alfresco Content Services platform security.