This article applies to Typefi Server for Workgroup (Typefi Workgroup) only.
Hotfix 20210930-01 fixes a security issue where users with limited roles had elevated privileges if they closed and then reopened their browser without signing out.
What issue does Hotfix 20210930-01 fix?
We identified a security issue in Typefi Server 18.104.22.168 and earlier where a user’s role was not saved in their user session when they closed and reopened the browser without signing out.
As a result, a user assigned a specific role could elevate their user permissions. For example, if a user was assigned a role that only allowed them to Run workflows, closing and reopening the browser would give them all user permissions, regardless of their assigned role.
Hotfix 20210930-01 fixes this issue. Now, when users close and reopen their browser without signing out, their assigned role does not change.
How do I apply Hotfix 20210930-01?
To apply Hotfix 20210930-01:
- Sign in to the Typefi FTP and download this installer:
- Run the installer. You do not need to uninstall the previous version first. Although you may select all defaults, our suggested practice is to install to a dedicated volume or a designated app folder. The contents of this package include Apache Tomcat and Typefi Server Console files.