https://connect.hyland.com/t5/alfresco-forum/memory-leak-as-denial-of-service-attack/m-p/123476#M33795 <P>Hello, Angel:</P><P>thank you for your answer. Can you verify this point with the development team? If this security issue also happens on Community edition, a patch is needed (in orther to set the maximum memory an script can manage).&nbsp; There are several customers in the world that use Alfresco Community in production environment.....</P><P>Thank you.</P><P>Best regards.</P> Tue, 22 Nov 2022 14:00:29 GMT jjrabadan 2022-11-22T14:00:29Z https://connect.hyland.com/t5/alfresco-forum/memory-leak-as-denial-of-service-attack/m-p/123472#M33791 <P>Goog morning:</P><P>I'd like to know if the community versions of Alfresco have also this issue. If so, are there any patches ready to fix this problem?</P><P>Thank you.</P><P>Best regards,</P> Mon, 21 Nov 2022 14:20:22 GMT https://connect.hyland.com/t5/alfresco-forum/memory-leak-as-denial-of-service-attack/m-p/123472#M33791 jjrabadan 2022-11-21T14:20:22Z https://connect.hyland.com/t5/alfresco-forum/memory-leak-as-denial-of-service-attack/m-p/123473#M33792 <P>May you give more details on the issue?</P> <P>I'm not aware of any similar to the one you describe.</P> Mon, 21 Nov 2022 14:49:57 GMT https://connect.hyland.com/t5/alfresco-forum/memory-leak-as-denial-of-service-attack/m-p/123473#M33792 angelborroy 2022-11-21T14:49:57Z https://connect.hyland.com/t5/alfresco-forum/memory-leak-as-denial-of-service-attack/m-p/123474#M33793 <P>We received this email from Hyland last Friday:</P><P><SPAN class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Screenshot 2022-11-21 at 16.37.39.png" style="width: 799px;"><span class="lia-inline-image-display-wrapper" image-alt="image"><img src="https://connect.hyland.com/t5/image/serverpage/image-id/1602i0B1033AE2585773A/image-size/large?v=v2&amp;px=999" role="button" title="image" alt="image" /></span></SPAN></P><P>But I'm unable to access the detail page for this.&nbsp;<A href="https://migration33.stage.lithium.com/t5/user/viewprofilepage/user-id/5487">@angelborroy</A>&nbsp;is there a CVE description with details about version &amp; general impact of this vulnerability?</P><P>Thanks!</P> Mon, 21 Nov 2022 15:39:54 GMT https://connect.hyland.com/t5/alfresco-forum/memory-leak-as-denial-of-service-attack/m-p/123474#M33793 Coin 2022-11-21T15:39:54Z https://connect.hyland.com/t5/alfresco-forum/memory-leak-as-denial-of-service-attack/m-p/123475#M33794 <P>I'm not able to find that Technical Bulletin, not sure if that was published / distributed by error.</P> Mon, 21 Nov 2022 16:05:00 GMT https://connect.hyland.com/t5/alfresco-forum/memory-leak-as-denial-of-service-attack/m-p/123475#M33794 angelborroy 2022-11-21T16:05:00Z https://connect.hyland.com/t5/alfresco-forum/memory-leak-as-denial-of-service-attack/m-p/123476#M33795 <P>Hello, Angel:</P><P>thank you for your answer. Can you verify this point with the development team? If this security issue also happens on Community edition, a patch is needed (in orther to set the maximum memory an script can manage).&nbsp; There are several customers in the world that use Alfresco Community in production environment.....</P><P>Thank you.</P><P>Best regards.</P> Tue, 22 Nov 2022 14:00:29 GMT https://connect.hyland.com/t5/alfresco-forum/memory-leak-as-denial-of-service-attack/m-p/123476#M33795 jjrabadan 2022-11-22T14:00:29Z https://connect.hyland.com/t5/alfresco-forum/memory-leak-as-denial-of-service-attack/m-p/123477#M33796 <P>Server side JavaScript code in Alfresco Repository is allowed, but this is mainly restricted to administrator users. The product can be limited / restricted in features in order to protect yourself from your administrators... but does this make sense?</P> Tue, 22 Nov 2022 14:26:56 GMT https://connect.hyland.com/t5/alfresco-forum/memory-leak-as-denial-of-service-attack/m-p/123477#M33796 angelborroy 2022-11-22T14:26:56Z