This document contains details about the Adobe Connect 11.4.9 release, including release dates, technical requirements, upgrades, improvements, and known issues.
Overview
Adobe Connect enables you to create rich digital training, webinars, and collaboration experiences. For an overview of Adobe Connect, see www.adobe.com/products/adobeconnect.html.
Adobe Connect 11.4.9 is a security release fixing various issues and is available as a patch.
Release dates
Adobe Connect 11.4.9 rolls out in the following phases:
On-premise deployments:
Will be available from Oct 9, 2024.
Managed services:
Contact your Adobe Connect Managed Services (ACMS) representative, or private cloud provider, to schedule an upgrade.
System requirements
For the latest system requirements, see the Adobe Connect Technical Specifications page.
Adobe Connect application
This update does not include a new version of the Adobe Connect application.
- If you are an IT administrator, you can ensure that all users have the latest Adobe Connect application with our installer. Download the latest stand-alone or MSI installers for the Adobe Connect application from this page, or install directly from the following URLs:
- Adobe Connect application for Windows
- Adobe Connect application for Mac
Upgrade paths for on-premise deployments
Here are the prerequisites for this release:
- From Adobe Connect 9.x, upgrade to Adobe Connect 11.4 before applying this patch
- From Adobe Connect 10.x, upgrade to Adobe Connect 11.4 before applying this patch
- From Adobe Connect 11.x, upgrade to Adobe Connect 11.4 before applying this patch
Issues resolved
Issue Tracking Number |
Issue Description |
|---|---|
| 4156239 | Fixed an issue where limited administrator is able to delete Email aliases. |
| 4156241 | Fixed an issue where limited administrator is able to delete Campaign ID. |
| 4156242 | Fixed an issue where limited administrator is able to access 'Share settings' of Admin - Compliance and Control |
| 4156243 | Fixed Pen Test Vulnerability - Unvalidated Redirect Security Control Bypass |
| 4156244 | Fixed an issue where a limited administrator is able to delete event tags. |
| 4156245 | Fixed an issue where an unauthorized participant can change attendee pod preference of the room. |
| 4156246 | Fixed Pen Test Vulnerability - Websockets functionality leading to Server-side request forgery |
| 4156247 | Fixed an issue where an unauthorized participant can change caption preferences of the room. |
| 4156248 | Fixed an issue where an unauthorized participant can disable usage of private messaging and change notification time for all users. |
| 4156249 | Fixed an issue where an unauthorized participant can change Q&A preferences of the room. |
| 4156250 | Fixed an issue where an unauthorized participant can change video preferences of the room. |
| 4156251 | Fixed an issue where an unauthorized participant can gain access to in-meeting captioner privileges. |
| 4156253 | Fixed a cross-site scripting vulnerability which could lead to account takeover. |
| 4156254 | Fixed a cross-site scripting vulnerability in the notes system. |
| 4156256 | Fixed a cross-site scripting vulnerability via the URI path which could lead to session highjacking, user impersonation, and client-side attacks. |
| 4156258 | Fixed a stored cross-site scripting vulnerability that allowed a guest to upload a malicious .pod file which could lead to account takeover. |
| 4156260 | Fixed an issue where an attacker can manipulate the object reference to bypass access control checks. |
| 4156240 | Upgrade to JDK 1.8.0_411 for Presenter |
| 4156252 | Upgrade to JDK security baseline 1.8.0_411 for AEM |
| 4156519 | Upgrade to JDK 1.8.0_411 for CPS/TelSvc/BAMA |