Now Available: Geocortex Essentials 4.15.3

Angeheftet

Yona Bystedt

7. November 2024 17:13 Bearbeitet

This minor release continues to provide compatibility with ArcGIS Enterprise 11.4 and earlier.

It addresses a possible XSS vector in the Run Datalink HTML endpoint and is a recommended upgrade.

Check out the Release Notes for more information.

0

• Offizieller Kommentar

  

  Yona Bystedt

  8. Januar 2025 17:19

  Hi Chelsea. Yes this affects all datalinks setup in Essentials in all prior versions.

  However, the vulnerability is only present if the HTML version of the ‘Run Datalink’ endpoint is accessed in a browser (eg: `…/Geocortex/Essentials/REST/sites/SiteID/map/mapservices/0/layers/0/datalinks/DataLinkID/link`). 

  It is not present when the endpoint is accessed via the Essentials or GVH software, so a possible mitigation is just to disable HTML access to this endpoint at a server level, and all of our software will continue to function as it currently does.

   
• 

  Chelsea Rozek

  5. Dezember 2024 18:20

  Hi Yona, do you have any more information about what that vulnerability affects? Is it any and all Data Connections and Data Links you have set up on layer(s) in Geocortex Essentials? Is the vulnerability in all versions prior to 4.15.3? Thanks!

  0
• 

  Chelsea Rozek

  10. Januar 2025 14:37

  Thanks for the info, Yona Bystedt ! I appreciate it

  0

Bitte melden Sie sich an, um einen Kommentar zu hinterlassen.