Source: HCL Support KB
The following updates are incorporated into HCL Sametime 11.6 IF2:
- Apache Tomcat updated from version 9.0.44 to 9.0.58, fixing a number of critical issues. For a full list of fixes in Tomcat 9.0.58, refer to the "Fixed in Apache Tomcat 9.0.58" topic on the Apache Tomcat 9.x vulnerabilities webpage.
- OpenJDK 1.8.0_282 updated to OpenJDK 1.8.0_322
- APNS certificate updated, renewing its annual certification
- HCL Sametime Proxy and Web client fixes
Fix List
- SAME-42384 – Fixed a web client file transfer vulnerability
- SAME-42511 – Fixed an issue with web client n-way chat access after leaving the chat
- SAME-42386 – Fixed an issue where the favicon service could be abused to cause arbitrary HTTP requests
- SAME-42510 – Fixed an issue with “click-jacking” vulnerabilities
- SAME-43016 – Fixed security issues for browser API Dojo version
- SAME-40348 – Fixed an issue allowing offline chat with users from browser API for persistent chat users
- SAME-42242 – Fixed an issue where the incorrect JWT token was set on authentication when a valid JWT was provided
- SAME-41931 – Fixed an issue affecting multi-tenancy environments where, when joining a moderated meeting, a user cannot share their screen or give others permission
- SAME-41785 – Fixed an issue affecting multi-tenancy environments where default meeting room provisioning fails