Hyland Connect

resplin · ‎03-13-2014

Alfresco Community Edition 4.2.f is now available for download:

http://www.alfresco.com/products/community

This release only contains a couple of changes from 4.2.e. The changes are fixes for important security vulnerabilities. We highly recommend that all Community Edition users update.

The security concerns are documented in Security Advisory 6:

http://wiki.alfresco.com/wiki/SA-6

Customers should have already been notified of these vulnerabilities. Patched versions of Alfresco Enterprise are available through the support portal.

More details on the release are in the wiki here:

http://wiki.alfresco.com/wiki/Community_file_list_4.2.f

If you find something you think is a bug, check the list of known issues first before reporting it in the forums or in JIRA. If you have questions, comments, or general feedback on the release, please create it as a new topic in the appropriate forum.

loftux · ‎03-14-2014

Are the security fixes also merged to public subversion HEAD?

resplin · ‎03-14-2014

I'm told those fixes were recently merged to head, so they should be available now.

m_angel82 · ‎06-30-2014

Hello everyone.

I know that exists a vulnerability in Alfresco Enterprise 4.1.6.13 (http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2939) and I would to know if this vulnerability affects to Community version.

I write this post in this thread because the Community 4.2.f version solves some security problems, but I don't know if this version would also solve the problems describes in the Enterprise version.

Thank you very much.

Kind Regards,
Miguel.

mrogers · ‎06-30-2014

Yes it's the same issue. It's fixed everywhere.

louise · ‎08-02-2014

SEC Consult Vulnerability Lab released PoC's for another Alfresco Community (4.2.f) exploits: http://www.securityfocus.com/archive/1/532796

Hyland Connect

New security advisory and Alfresco Community Edition 4.2.f