For various revisions of DataFlex there are updates available that address a cross-session contamination security fix for web applications (this is the only change from the latest previously published releases for each revision).
Under certain circumstances web property values from one session could leak into another session. This bug does not affect the usability of applications and regular users would not see these values. Hackers can potentially exploit the behavior making it a security risk that needs to be addressed. This issue affects DataFlex 2017 (19.0) and higher.
Developers working on these DataFlex revisions are encouraged to update now.
This security fix is also included in the Updated DataFlex 2022 Release.
The installers for previously published builds (220.127.116.11) are replaced with new installers for build 18.104.22.168. This includes updated packages for the security fix and an updated readme file. Note that there have been prior updates to DataFlex 2021, so the full list of changes between the original release (20.0.6) and the latest builds can be seen here: DataFlex 2021 Update Release Notes
The installers for previously published builds (22.214.171.124) are replaced with new installers for build 126.96.36.199. This includes update packages for the security fix and an updated readme file. Note that there have been prior updates to 19.1, so the full list of changes between the original release (19.1.56) and this update are in the readme file installed with the update.
DataFlex 2017 is no longer on the supported products list, so we are not updating the published builds. The updated packages for the security fix are available here. The Security Patch - Web Property Cross-Session Contamination document included in the zip file gives complete instructions for manually installing the fix.
Note that the zip file includes the security fix that can be applied manually for DataFlex 2022, 2021, 2019 and 2017, but we encourage developers to use the new installers when available.
For further discussion, visit the DataFlex Web & Mobile Applications forum.