Rhythmyx 732_20210427 Patch Update
Patch id: 732_20210427
This patch includes security updates for the Jetty application server and corrects a defect that prevented SVG image assets from being uploaded to the system.
Download
Downloads are available via the support portal at https://percussionsupport.intsof.com
Changes in this Update
RHYT-2778 - Unable to upload SVG image files - class not found errors
SVG files could not be uploaded as content to the system because Apache Batik dependencies were missing. This patch resolves the issue.
RHYT-2800 - Security: Update Jetty version to address multiple CVEs
The Jetty server has been updated to address multiple CVEs in the component. Full details about the Jetty update can be found in the Jetty release notes.
The Jetty CVEs addressed by this update are:
- 6072 jetty server high CPU when client send data length > 17408 - Resolves CVE-2021-28165
- 6101 Normalise ambiguous URIs - Resolves CVE-2021-28164
- 6102 Exclude webapps directory from deployment scan - Resolves CVE-2021-28163
- 5963 Improve QuotedQualityCSV for CVE-2020-27223
- 5605 CVE-2020-27218 java.io.IOException: unconsumed input during http request parsing
- 5451 Improve Working Directory creation - Resolves CVE-2020-27216
- 4936 Response header overflow leads to buffer corruptions - Resolves CVE-2019-17638
Previous Patches
Please note that ALL patches are cumulative. The links here are to provide reference access to the release notes for everything that is included in this patch. Prior patches do not need to be installed or uninstalled before installing this patch.
- 732_20210317
- 732_20210127
- 732_20200115
- 732_20201223
- 732_20201214
- 732_20201115
- 732_20200310
- 732_20200117
- 732_20191021
- 732_20190816
- 732_20190717
- 732_20190605
- 732_20190510
- 732_20190306
- 732_20181230
- 732_20180912
- 732_20180905
- 732_20180823
- 732_20180709
- 732_20180608
- 732_20180523
- 732_20180314
- 732_20180228
- 732_20171201
- 732_20171007b
- 732_20171007
- 732_20170815
- 732_20170409
- 732_20170308