| Tip |
|---|
Did you know you can subscribe to updates to security issues and release notes? Right click and copy this link and paste it into Outlook RSS Feeds or your feed reader of choice. |
March 15, 2024
FLEXDEPLOY-11432 - A path traversal vulnerability was discovered in FlexDeploy that affected versions 6.0.0.0-6.0.0.9, 6.5.0.0-6.5.0.15,7.0.0.0-7.0.0.3. This vulnerability is patched in versions 6.0.0.10, 6.5.0.16, 7.0.0.4, and 8.0.0.0. Upgrading to one of those versions is recommended.
March 13, 2024
FLEXDEPLOY-11605 - The versions of Apache Tomcat that ships with FlexDeploy are vulnerable to CVE-2024-24549 and CVE-2024-23672. CVE-2024-24549 is regarding HTTP/2, which Flexagon has not recommended, so no customers should be affected. CVE-2024-23672 is in regards to WebSockets, which FlexDeploy does not use. Tomcat will be updated in future versions.
...