Hyland Connect

jjrabadan · ‎11-21-2022

Goog morning:

I'd like to know if the community versions of Alfresco have also this issue. If so, are there any patches ready to fix this problem?

Thank you.

Best regards,

angelborroy · ‎11-21-2022

May you give more details on the issue?

I'm not aware of any similar to the one you describe.

Hyland Developer Evangelist

Coin · ‎11-21-2022

We received this email from Hyland last Friday:

But I'm unable to access the detail page for this. @angelborroy is there a CVE description with details about version & general impact of this vulnerability?

Thanks!

angelborroy · ‎11-21-2022

I'm not able to find that Technical Bulletin, not sure if that was published / distributed by error.

Hyland Developer Evangelist

jjrabadan · ‎11-22-2022

Hello, Angel:

thank you for your answer. Can you verify this point with the development team? If this security issue also happens on Community edition, a patch is needed (in orther to set the maximum memory an script can manage). There are several customers in the world that use Alfresco Community in production environment.....

Thank you.

Best regards.

angelborroy · ‎11-22-2022

Server side JavaScript code in Alfresco Repository is allowed, but this is mainly restricted to administrator users. The product can be limited / restricted in features in order to protect yourself from your administrators... but does this make sense?

Hyland Developer Evangelist

Hyland Connect

Memory Leak as Denial of service attack