- Hotfix 20210930-01 applies to Typefi Server for Workgroup.
- Hotfix 20210930-01 fixes a security issue where users with limited roles had elevated privileges if they closed and then reopened their browser without signing out.
We identified a security issue in Typefi Server 184.108.40.206 and earlier where a user’s role was not saved in their user session when they closed and reopened the browser without signing out.
As a result, a user assigned a specific role could elevate their user permissions. For example, if a user was assigned a role that only allowed them to Run workflows, closing and reopening the browser would give them all user permissions, regardless of their assigned role.
Hotfix 20210930-01 fixes this issue. Now, when users close and reopen their browser without signing out, their assigned role does not change.
What you need to do
If you are using Typefi Server for Workgroup 220.127.116.11 or earlier, install Hotfix 20210930-01:
- Sign in to the Typefi FTP and download this installer:
- Run the installer. You do not need to uninstall the previous version first. Although you may select all defaults, our suggested practice is to install to a dedicated volume or a designated app folder. The contents of this package include Apache Tomcat and Typefi Server Console files.
If you are using Typefi Server for Desktop, you do not need to install Hotfix 20210930-01.
If you are using Typefi Server for Cloud, you do not need to do anything. We will apply Hotfix 20210930-01 during the next maintenance window.