QUICK LINKS
Support
Issue Tracker
[Services]
Questions
[uAchieve 4.5 Applications]
[uAchieve 5.0 Application]
[uAchieve 5.1 Application]
Transferology
TES
[Training & Conferences]
Accessibility
Page History
Recently, there have been two security alerts issued by third parties that have raised questions about their impact on CollegeSource products, particularly those that are installed by clients. This is an overview of those alerts and our recommendation to resolving the problems as related to CollegeSource products.
| Table of Contents |
|---|
Spring Expression Language Injection
- Vulnerability of CollegeSource Products: High, depending on products installed (see chart)
- General Vulnerability to CollegeSource Clients: High
- Recommended Resolution: Update affected products to latest version.
...
| CollegeSource Product | Recommended Action |
|---|---|
| u.direct | update to the latest u.direct release OR |
| Schedule Builder | update to the latest Schedule Builder Release |
| u.achieve Self-Service | update u.achieve self-service Spring libraries u.achieve self-service release 4.1.2 will include the updated libraries by default (available Feb 28, 2013) |
| u.select Connector | update to the latest u.select Connector release |
| u.select | Hosted site has been updated to resolve vulnerability, no client action necessary |
| u.achieve Server, u.achieve Client | Not affected, no action necessary |
| DARwin Server, DARwin Client, DARSweb | Not affected, no action necessary |
| Banner Interface (DARwin and u.achieve) | Not affected, no action necessary |
| CollegeSource (redLantern) Security | Not affected, no action necessary |
| TES, CollegeSource Online | Not affected, no action necessary |
Java 7 Security Manager Bypass Vulnerability
- Vulnerability of CollegeSource Products: None
- General Vulnerability to CollegeSource Clients: High
- Recommended Resolution: Update Java to latest patch, or disable Java in the browser of all desktops
...
Overview
Content Tools