Channel: DevNet Hotfixes

Hotfix 13.0.173

Be sure to check our Hotfix instructions before starting the hotfix process. It might save you some trouble afterwards.

Fixed bugs:
  • Security (Critical) - Authorization bypass in the staging service - An issue in the staging endpoint allowed attackers to bypass authorization using forged requests. The bypass can be used to gain complete control over the Xperience instance. We strongly recommend applying this hotfix as soon as possible. This issue affects instances that have staging enabled with username and password authentication. As a temporary workaround, administrators can either disable staging on target servers or use X.509 authentication, which is not vulnerable, and limit which external services can access the ‘/CMSPages/Staging/SyncServer.asmx’ endpoint.
  • Page builder - Unused vulnerable dependency packages were removed from the Page builder and Form builder.
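
The following Python script is an added example, not part of the hotfix note or the product's code. It audits IIS W3C logs for requests to the staging endpoint from clients outside an allowlist, which helps verify the access restriction described in the workaround; the log sample, the allowlisted network and the function name are constructed assumptions.

```python
import ipaddress

STAGING_PATH = "/cmspages/staging/syncserver.asmx"  # endpoint named in the hotfix note

# Constructed sample in IIS W3C extended format (private and documentation-range addresses).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 10.0
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip sc-status
2024-01-10 08:00:01 10.0.0.5 POST /CMSPages/Staging/SyncServer.asmx - 443 - 10.0.0.20 200
2024-01-10 08:03:12 10.0.0.5 GET /default.aspx - 443 - 198.51.100.7 200
2024-01-10 08:04:40 10.0.0.5 POST /cmspages/staging/syncserver.asmx - 443 - 198.51.100.7 200
2024-01-10 08:05:02 10.0.0.5 POST /CMSPages/Staging/SyncServer.asmx - 443 - 203.0.113.9 403
"""


def unexpected_staging_clients(log_text, allowed_networks):
    """Return (date, time, client, status) for staging requests from outside the allowlist."""
    allowed = [ipaddress.ip_network(n) for n in allowed_networks]
    fields, hits = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column layout can change mid-file
            continue
        if not line.strip() or line.startswith("#") or not fields:
            continue
        values = line.split()
        if len(values) != len(fields):
            continue  # truncated or malformed entry
        row = dict(zip(fields, values))
        # IIS paths are case-insensitive, so compare in lower case.
        if row.get("cs-uri-stem", "").lower() != STAGING_PATH:
            continue
        raw_ip = row.get("c-ip", "-")
        try:
            client = ipaddress.ip_address(raw_ip)
        except ValueError:
            client = None  # unparseable client address: report it rather than drop it
        if client is None or not any(client in net for net in allowed):
            hits.append((row.get("date", "-"), row.get("time", "-"),
                         raw_ip, row.get("sc-status", "-")))
    return hits


if __name__ == "__main__":
    # Assumption: 10.0.0.0/24 is where the legitimate source staging servers live.
    for hit in unexpected_staging_clients(SAMPLE_LOG, ["10.0.0.0/24"]):
        print(*hit)
```

Any row it reports is a client that reached the staging endpoint without being on the allowlist; the status column shows whether the server accepted or rejected the request.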