Rhythmyx 732_20210427 Patch Update

Patch id: 732_20210427

This patch includes security updates for the Jetty application server and corrects a defect that prevented SVG image assets from being uploaded to the system.

Download

Downloads are available via the support portal at https://percussionsupport.intsof.com

Changes in this Update

RHYT-2778 - Unable to upload SVG image files - class not found errors
This patch corrects an issue that prevented SVG files from being uploaded as content to the system because Apache Batik dependencies were missing.
RHYT-2800 - Security: Update Jetty version to address multiple CVEs
The Jetty server has been updated to address multiple CVEs in the component. Full details about the Jetty update can be found in the Jetty release notes.
The Jetty CVEs addressed by this update are:
  • 6072 jetty server high CPU when client send data length > 17408 - Resolves CVE-2021-28165
  • 6101 Normalise ambiguous URIs - Resolves CVE-2021-28164
  • 6102 Exclude webapps directory from deployment scan - Resolves CVE-2021-28163
  • 5963 Improve QuotedQualityCSV for CVE-2020-27223
  • 5605 CVE-2020-27218 java.io.IOException: unconsumed input during http request parsing
  • 5451 Improve Working Directory creation - Resolves CVE-2020-27216
  • 4936 Response header overflow leads to buffer corruptions - Resolves CVE-2019-17638

Previous Patches

Please note that ALL patches are cumulative. The links here provide reference access to the release notes for everything that is included in this patch. Prior patches do not need to be installed or uninstalled before installing this patch.