Last updated on
Dec 10, 2024
This document contains details about the Adobe Connect 11.4.9 release, including release dates, technical requirements, upgrades, improvements, and known issues.
Overview
Adobe Connect enables you to create rich digital training, webinars, and collaboration experiences. For an overview of Adobe Connect, see www.adobe.com/products/adobeconnect.html.
Adobe Connect 11.4.9 is a security release fixing various issues and is available as a patch.
Release dates
Adobe Connect 11.4.9 rolls out in the following phases:
On-premise deployments:
Will be available from Oct 9, 2024.
Managed services:
Contact your Adobe Connect Managed Services (ACMS) representative, or private cloud provider, to schedule an upgrade.
System requirements
For the latest system requirements, see the Adobe Connect Technical Specifications page.
Adobe Connect application
This update does not include a new version of the Adobe Connect application.
- If you are an IT administrator, you can ensure that all users have the latest Adobe Connect application with our installer. Download the latest stand-alone or MSI installers for the Adobe Connect application from this page, or install directly from the following URLs:
- Adobe Connect application for Windows
- Adobe Connect application for Mac
Upgrade paths for on-premise deployments
Here are the prerequisites for this release:
- From Adobe Connect 9.x, upgrade to Adobe Connect 11.4 before applying this patch
- From Adobe Connect 10.x, upgrade to Adobe Connect 11.4 before applying this patch
- From Adobe Connect 11.x, upgrade to Adobe Connect 11.4 before applying this patch
Issues resolved
Issue Tracking Number |
Issue Description |
|---|---|
| 4156239 | Fixed an issue where limited administrator is able to delete Email aliases. |
| 4156241 | Fixed an issue where limited administrator is able to delete Campaign ID. |
| 4156242 | Fixed an issue where limited administrator is able to access 'Share settings' of Admin - Compliance and Control |
| 4156243 | Fixed Pen Test Vulnerability - Unvalidated Redirect Security Control Bypass |
| 4156244 | Fixed an issue where a limited administrator is able to delete event tags. |
| 4156245 | Fixed an issue where an unauthorized participant can change attendee pod preference of the room. |
| 4156246 | Fixed Pen Test Vulnerability - Websockets functionality leading to Server-side request forgery |
| 4156247 | Fixed an issue where an unauthorized participant can change caption preferences of the room. |
| 4156248 | Fixed an issue where an unauthorized participant can disable usage of private messaging and change notification time for all users. |
| 4156249 | Fixed an issue where an unauthorized participant can change Q&A preferences of the room. |
| 4156250 | Fixed an issue where an unauthorized participant can change video preferences of the room. |
| 4156251 | Fixed an issue where an unauthorized participant can gain access to in-meeting captioner privileges. |
| 4156253 | Fixed a cross-site scripting vulnerability which could lead to account takeover. |
| 4156254 | Fixed a cross-site scripting vulnerability in the notes system. |
| 4156256 | Fixed a cross-site scripting vulnerability via the URI path which could lead to session highjacking, user impersonation, and client-side attacks. |
| 4156258 | Fixed a stored cross-site scripting vulnerability that allowed a guest to upload a malicious .pod file which could lead to account takeover. |
| 4156260 | Fixed an issue where an attacker can manipulate the object reference to bypass access control checks. |
| 4156240 | Upgrade to JDK 1.8.0_411 for Presenter |
| 4156252 | Upgrade to JDK security baseline 1.8.0_411 for AEM |
| 4156519 | Upgrade to JDK 1.8.0_411 for CPS/TelSvc/BAMA |
| 4151465 | Fixed a cross-side scripting vulnerability. |
| 4151466 | Fixed a cross-side scripting vulnerability. |
| 4151467 | Fixed a cross-side scripting vulnerability. |
| 4151473 | Fixed a cross-side scripting vulnerability. |
| 4151474 | Fixed a cross-side scripting vulnerability. |
| 4151475 | Fixed a cross-side scripting vulnerability. |
| 4151476 | Fixed an issue where application is sending sensitive data in the response |
| 4151479 | Fixed a stored cross-site scripting vulnerability |
| 4151480 | Fixed a cross-site scripting vulnerability |
| 4151481 | Fixed a stored cross-site scripting vulnerability |
| 4151483 | Fixed a cross-site scripting vulnerability |
| 4151484 | Fixed a stored cross-site scripting vulnerability |
| 4151485 | Fixed an IDOR vulnerability that would have allowed an attacker to view victim's audio provider details. |
| 4151486 | Fixed a cross-site scripting vulnerability |
| 4151832 | Fixed a cross-site scripting vulnerability |
| 4152069 | Fixed a cross-side scripting vulnerability that can lead to account take over |
| 4152105 | Fixed an IDOR vulnerability that would have allowed for priviledge escalation from guest to host. |
| 4156253 | Fixed a cross-side scripting vulnerability. |
| 4156254 | Fixed a stored cross-site scripting vulnerability |
| 4156255 | Fixed an open redirection vulnerability due to improper parameter validation |
| 4156256 | Fixed a cross-side scripting vulnerability. |
| 4156257 | Fixed an open redirection vulnerability due to improper parameter validation |
