For self-hosted installations only. SaaS sites have already received this update.
Version 11.18.7 includes a fix for a file upload vulnerability affecting the InDesign file upload servlet and two related endpoints. If you are unable to upgrade to 11.18.7 at this time, please follow the instructions below to remove the following servlet entries from web.xml immediately.
Before you start
- Back up your existing web.xml file.
- Stop NetX.
- Remove the entries below from web.xml.
- Start NetX.
- Validate application startup and upload-related endpoints.
<servlet>
<servlet-name>IconFileUploader</servlet-name>
<display-name>Icon File Upload Servlet</display-name>
<servlet-class>com.netxposure.products.imageportal.webservice.flex.IconUploadServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>IconFileUploader</servlet-name>
<url-pattern>/servlet/IconFileUploader</url-pattern>
</servlet-mapping>
<servlet>
<servlet-name>BrandingImport</servlet-name>
<display-name>BrandingImport Servlet</display-name>
<servlet-class>com.netxposure.products.imageportal.webservice.flex.BrandingImportServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>BrandingImport</servlet-name>
<url-pattern>/servlet/ImportBranding</url-pattern>
</servlet-mapping>
Where to find web.xml
Windows
C:\Program Files\NetXposure\webapps\ROOT\WEB-INF\web.xml
Linux
/opt/netx/webapps/ROOT/WEB-INF/web.xml
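An added check for the removal step above (example code, not part of NetX): it parses web.xml and lists any of the two servlet names from this advisory that are still active, whether or not the file declares an XML namespace. The sample document and the ExampleKept servlet are constructed for illustration; pass the real web.xml path as the first argument.

```python
import xml.etree.ElementTree as ET

# Servlet names taken from the entries listed in the advisory above.
TARGET_SERVLETS = {"IconFileUploader", "BrandingImport"}

# Constructed sample: one entry commented out, one mapping left behind.
SAMPLE = """<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee" version="3.1">
  <!-- <servlet><servlet-name>IconFileUploader</servlet-name></servlet> -->
  <servlet>
    <servlet-name>ExampleKept</servlet-name>
    <servlet-class>example.KeptServlet</servlet-class>
  </servlet>
  <servlet-mapping>
    <servlet-name>BrandingImport</servlet-name>
    <url-pattern>/servlet/ImportBranding</url-pattern>
  </servlet-mapping>
</web-app>
"""


def local(tag):
    """Strip an XML namespace prefix: '{ns}servlet' -> 'servlet'."""
    return tag.rsplit("}", 1)[-1]


def remaining_entries(web_xml):
    """Return sorted (element, servlet-name) pairs that are still active.

    Commented-out blocks are dropped by the parser, so they count as removed.
    """
    root = ET.fromstring(web_xml)
    found = set()
    for elem in root.iter():
        if local(elem.tag) not in ("servlet", "servlet-mapping"):
            continue
        for child in elem:
            name = (child.text or "").strip()
            if local(child.tag) == "servlet-name" and name in TARGET_SERVLETS:
                found.add((local(elem.tag), name))
    return sorted(found)


if __name__ == "__main__":
    import sys
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    left = remaining_entries(data)
    for element, name in left:
        print(f"still present: <{element}> {name}")
    sys.exit(1 if left else 0)
```

A non-zero exit status means at least one of the listed entries is still in the file, including the case where the servlet block was removed but its servlet-mapping was left behind.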