2023-11 - Synergetic Security Hotfix - 13th November 2023
Issue
In SynWeb and Community Portal, there is an issue whereby a threat actor could, under certain circumstances gain access to an unsuspecting user’s browser resources through a Cross Site Scripting (XSS) attack.
Fix
A critical hotfix has been created to patch the defect in SynWeb and Community Portal. After the fix is applied any users that are currently logged in to SynWeb or Community Portal may experience a pause in response and may need to log in again.
The hotfix can be applied as follows:
In SynWeb, locate the version of Synergetic that you have installed by going to Help>About and noting the Synweb Version.
In the table below, locate your version of Synergetic and copy the associated Patch File to your web server.
Unzip the file and execute the extracted file. This will install the updated SynWeb package to fix the issue.
At the end of the update process, it will show the Update Config File window. Click the Close button to complete the update process. Please DO NOT click Create File or Update File.
Your Synergetic Version | SynWeb Patch File | Full Version Number of SynWeb Patch | CommPortal Patch File | Full Version Number of CommPortal Patch |
---|---|---|---|---|
71.1 |
| 71.1.1.31614 |
| 71.1.1.31810 |
71.2 | 71.2.1.31600 |
| 71.2.1.31805 | |
71.3 | 71.3.2.31602 |
| 71.3.1.31803 | |
71.4 |
| 71.4.1.31603 |
| 71.4.1.31802 |
71.5 |
| 71.5.1.31702 |
| 71.5.1.31800 |
71.6 |
| 71.6.1.31605 |
| 71.6.1.31722 |
71.7 |
| 71.7.1.31607 |
| 71.7.1.31720 |
71.8 |
| 71.8.1.31521 |
| 71.8.1.31719 |
Verification
Successful application of the hotfix can be verified by checking the SynWeb Version in SynWeb > Help > About as described in Step 1 above. Ensure that the SynWeb Version now matches the Full Version Number of SynWeb Patch in the table above.
To verify that the Community Portal patch has been successfully applied, log into Community Portal as an Administrator, select About in the top right of the page and ensure that the Community Portal Version now matches the Full Version Number of CommPortal Patch in the table above.
Troubleshooting
During the update, if you encounter an error about a log file being used by another process, you can simply click on Ignore.