HCL Sametime 11.6. FP2 is available

Source: HCL Support KB LINK
The following updates are incorporated into HCL Sametime 11.6 IF2:

  • Apache Tomcat updated from version 9.0.44 to 9.0.58 fixing a number of critical issues.  For a full list of fixes in Tomcat 9.0.58, refer to the Fixed in Apache Tomcat 9.0.58 topic on the Apache Tomcat 9.x vulnerabilities webpage.
  • Open JDK 1.8.0_282  updated to Open JDK 1.8.0_322
  • APNS certificate is updated, renewing its annual certification
  • HCL Sametime Proxy and Web client fixes

Fix List

  • SAME-42384 – Fixed a web client file transfer vulnerability
  • SAME-42511 – Fixed an issue web client n-way chat access after leaving the chat
  • SAME-42386 – Fixed an issue with favicon service being abused causing Arbitrary HTTP requests
  • SAME-42510 – Fixed an issue with “click-jacking” vulnerabilities
  • SAME-43016 – Fixed security issues for browser API Dojo version
  • SAME-40348 – Fixed an issue allowing offline chat with users from browser API for persistent chat users
  • SAME-42242 – Fixed an issue where the incorrect JWT Token was set on authentication when valid JWT was provided
  • SAME-41931 – Fixed an issue affecting multi-tenancy environment when joining a moderated meeting user cannot share screen or give others permission
  • SAME-41785 – Fixed an issue affecting multi-tenancy environment where a default meeting room provisioning fails

Leave a comment