Help

Alfresco Content Services security notification and actions

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Alfresco Content Services security notification and actions

aleach
Alfresco Employee
0 3 2,453
‎19 Aug 2021 11:56 AM

A security vulnerability was recently identified and reported to Hyland relating to Alfresco Content Services. We have received and verified three security issues with severity up to critical in our platform.

Supported Alfresco Content Services versions

The Alfresco Content Services Engineering team has created a hotfix for each supported version affected. Supported customers have received an email with hotfix locations and instructions to install. If you are a supported customer and have not received this communication, please submit a support ticket via Hyland Community.

 

Unsupported Alfresco Content Services versions

If your organization is running on an unsupported Alfresco Content Services version, it is recommended that you upgrade to a more recent Alfresco Content Services version to address the current security vulnerabilities and mitigate future risk.

 

Please visit this webpage, and a Hyland team member will reach out to discuss upgrade options. In the meantime, learn more about the Alfresco Cloud, our fully managed platform, and our latest on-premises  version Alfresco Content Services 7.0.1

 

Additional information

If you have questions on whether you are on a supported or unsupported Alfresco Content Services version, visit the Product Support Status page.

 

Additional security information related to the issues will be publicly disclosed when the common vulnerabilities and exposures (CVEs) are assigned. 

 

Hyland will continue to notify you of opportunities to enhance your Alfresco Content Services platform security.

0 Kudos
3 Comments
jpotts
Professional
‎23 Aug 2021 9:45 PM

Exactly how are community edition users supposed to identify what these vulnerabilities are and whether or not they are affected?

afaust
Master
‎23 Aug 2021 9:48 PM

@jpotts You are assuming that Enterprise Edition users have any more meaningful input. The same type of question is being raised in the Hyland Community for support. Granted, they did at least give a bullet point list of three or four high-level titles/descriptions, though as far as it appears, the Enterprise hot fix also includes some seemingly overreaching feature restriction affecting the "Execute Script" action under the guise of "security".

0 Kudos
maxodoble
Active Member
‎29 Sep 2021 10:28 AM

Whow....

the silence regarding this topic here (or elsewhere in the alfresco universe) is deafening!

Max

 

0 Kudos
Alfresco Content Services Blog

Ask for and offer help to other Alfresco Content Services Users and members of the Alfresco team.

Related links:

We use cookies on this site to enhance your user experience

By using this site, you are agreeing to allow us to collect and use cookies as outlined in Alfresco’s Cookie Statement and Terms of Use (and you have a legitimate interest in Alfresco and our products, authorizing us to contact you in such methods).   If you are not ok with these terms, please do not use this website.