Release date: November 17, 2015
Vulnerability identifier: APSB15-30
Priority: See table below
CVE number: CVE-2015-5255
Platform: All Platforms
Adobe has released a security update for LiveCycle Data Services. This update includes an updated version of Apache™ BlazeDS that resolves an important server-side request forgery vulnerability. Adobe recommends users apply the available updates using the instructions provided in the "Solution" section below.
Product | Affected Versions | Platform |
---|---|---|
LiveCycle Data Services | 4.7, 4.6.2, 4.5, 3.1.x, 3.0.x | Windows, Macintosh and Unix |
Adobe categorizes this hotfix with the following priority rating and recommends users apply the relevant patch available below using the instructions provided in this KB article:
Version | File Contents | Checksum (SHA1) |
---|---|---|
4.7.0.354178 |
flex-messaging-core.jar |
1630ab025c94b9cd17eb6c08c8d3c03e8c3b476d |
4.6.2.354178 |
flex-messaging-core.jar | 13913aeeab44cca926311d69beab7144acd5cd69 |
4.5.1.354177 |
flex-messaging-core.jar | 1a7caded7b92da7f7a339b4708a70a6bc0c38a0c |
3.1.0.354180 | flex-messaging-core.jar | e90dc9153729395887096751d37d386a66e96230 |
3.0.0.354175 |
flex-messaging-core.jar | 0b6e26f5f7a70c524bdd56642a2a3201dc0a3687 |