Dear Partner,
We have detected a security vulnerability in current and previous versions of Workspace365.
Due to the nature of the vulnerability and in accordance with responsible disclosure guidelines, we will not disclose any details at this moment.
Of course, we want to be as transparent as possible so a Post-Mortem will be released in the near future, information regarding that date will be updated in this article.
Our QA team discovered the vulnerability, but we have not detected that the vulnerability has been abused and there has been no evidence of the impact (yet). We will keep closely monitoring this after the hotfix is deployed, and we have taken the appropriate measures
We have provided 2 update packages 3.62.1 & 3.63.1 which contain the fix.
Workspace 365 -Version 3.62.1
Password: it&LXpbsK#sJJZX0paWl04Dc1iro@J&4
Workspace 365 - Version 3.63.1
Password: LtH64re3d8$z*siePmX#5NLYKqZ22qQn
Due to the fact that you are Self-Hosted, you have to update the instance to the newer version, or you could be affected.
Do note that some updates require new services to be installed. This is noted in the relevant update article.
We also have an update process article which has extra information on how to update:
WARNING
We strongly advise you to update only in increments of 2 and also advise updating in steps of 2 versions, then run for 2 days to let necessary processes catch-up.
If you update more than that, there is a small chance for loss of data.
For questions, please submit a ticket to our support team.