This security release of Syracuse Server addresses vulnerabilities discovered in Syracuse Server 12.19.0
This security risk Does not affect previous versions of Syracuse. Please replace Syracuse Server 12.19.0 with Syracuse Server 12.19.3.4.
Syracuse Server 12.19.3.4 fixes two specific risks that have been identified:
- JavaScript vulnerability.
- Host management for the “Reset password” link: Hostname management for the “Reset password” feature has been strengthened with a list of allowed hostnames to prevent hostname hijacking. Allowed hostnames must be specified in the allowed list in Administration > Global Settings for Sage X3 to accept password reset URLs (Documentation for this feature will be available soon).
- This hotfix also fixes a translation issue with the French language in login.
Following Sage X3 Security Best Practices reduces security risks. However, we strongly recommend applying all security patches released by Sage.
