Now Available: Geocortex Essentials 4.15.3
This minor release continues to provide compatibility with ArcGIS Enterprise 11.4 and earlier.
It addresses a possible XSS vector in the Run Datalink HTML endpoint and is a recommended upgrade.
Check out the Release Notes for more information.
-
Official comment
Hi Chelsea. Yes, this affects all datalinks set up in Essentials in all prior versions.
However, the vulnerability is only present if the HTML version of the ‘Run Datalink’ endpoint is accessed in a browser (e.g. `…/Geocortex/Essentials/REST/sites/SiteID/map/mapservices/0/layers/0/datalinks/DataLinkID/link`).
It is not present when the endpoint is accessed via the Essentials or GVH software, so a possible mitigation is just to disable HTML access to this endpoint at a server level, and all of our software will continue to function as it currently does.
-
Hi Yona, do you have any more information about what that vulnerability affects? Is it any and all Data Connections and Data Links you have set up on layer(s) in Geocortex Essentials? Is the vulnerability in all versions prior to 4.15.3? Thanks!
-
Thanks for the info, Yona Bystedt! I appreciate it.