Recent Security Update

jgane

2020-03-24 08:28

Status: Closed

Hi,

I was just curious if there was any more information about the recent security update that was done in 20.3 and hotfixed into 19.3.7? What did the security issue pertain to? Did it affect any other versions of LabKey before 19.3?

Thanks,
Jon

adam responded:	2020-03-24 10:04
Status: Active
Hi Jon, As I hope you can appreciate, we aren't sharing details about the exact nature of the vulnerability or potential method of exploit at this point; we want to provide our clients and users of the Community Edition ample opportunity to upgrade their servers first. I can share that the vulnerability was discovered by an expert, responsible security firm that we have engaged. We are not aware of any real-world exploits of this vulnerability. However, we strongly recommend that every LabKey Server deployment be upgraded to 20.3.0 or 19.3.7 immediately. Thanks, Adam

jgane responded:	2020-03-24 11:40
Status: Closed
Hi Adam, Thanks for the prompt response. I understand why you cannot share more details, thank you for that information. Jon