Recently an important security issue was identified that impacts all known Efficy versions. The issue is related to inline SQL parameters that could allow an Efficy user to run unwanted update or delete statement in the database.
In recognition of the severity of this problem we have decided to release patches for the COM+ server for Efficy releases since 2012.
The following patched COM+ servers have been made available on the FTP server:
- Efficy 11.2 EfficyServer 11.2.17771.dll
- Efficy 11.1 EfficyServer 11.1.17772.dll
- Efficy 11.0 EfficyServer 11.0.17773.dll
- Efficy 10 SP2+ DServerDll 10.2.17791.dll
- Efficy 10 SP1 DServerDll 10.1.17790.dll
- Efficy 10 DServerDll 10.0.17792.dll
- Efficy 2014 (6640) DServerDll 8.0.17794.dll
- Efficy 2012 Summer DServerDll 7.0.17793.dll
We strongly recommend installing these patches on all production servers as soon as possible.
We apologize for the inconvenience.