x Want to participate? Join the group to interact
  • Replies 0 replies
  • Subscribers 9 subscribers
  • Views 849 views
  • Users 0 members are here
Browse Forums
Announcements
220
topics
26
replies
General Discussion
588
topics
1k
replies
HR General Discussion
228
topics
155
replies
AndrewV

Sage X3 Security Hotfix (Node.js vulnerability)

Posted By

A Sage X3 security fix for Sage X3, Sage X3 HR and Payroll and Sage X3 Warehousing has been issued on March 12th 2021. This security fix is related to a 3rd party component Node.js

The Sage X3 security fix applies to the Sage X3 web server (Syracuse) and deploys the latest version of note.JS.

The hotfixes can be downloaded on our ftp site.

1. Sage X3 V12, Sage X3 HR & Payroll V12 and Sage X3 Warehousing V12

Hotfix-syracuseserver-12-10-1-6-security-fix

This Syracuse hotfix is compatible with 2020 R1, R2, R3, R4 and 2021 R1, in line with the Sage X3 Lifecycle Policy. It cannot be applied to 2019 R5 or earlier.

This Syracuse hotfix includes the replacement of Flash components, especially the Visual Process display and editor.

If your current release is 2020 R2 or 2020 R1, in addition to installing the Syracuse hotfix you will also need to:

  • Install the following application hotfixes: 
    Sage X3: WX_195292_R090_023.zip and  WX_VP_R090_024.zip
    Sage X3 HR & Payroll: WP_195292_R090_023.zip and WP_VP_R090_024.zip
    Sage X3 Warehousing:  WG_VP_R090_024.zip
  • Review your Sage X3 Visual Processes (if used) to check for any adaptation if necessary.

If your current release is 2020 R3, in addition to installing the Syracuse hotfix you will also need to:

  • Install the following application hotfixes:
    Sage X3: WX_VP_R090_024.zip
    Sage X3 HR & Payroll: WP_VP_R090_024.zip
    Sage X3 Warehousing: N/A (No 2020 R3 Release for Sage X3 Warehousing)
  • Review your Sage X3 Visual Processes (if used) to check for any adaptation if necessary.

For 2020 R4 or later releases, just install the Syracuse hotfix.

2. Sage X3 V11 and Sage X3 Warehousing V11:

Hotfix-syracuseserver-11-25-1-2-security-fix

If you use Visual Processes and you run Sage X3 V11 P14 or earlier, Sage will not guarantee compatibility and we strongly recommend that you patch to the latest patch level (P15 at the minimum).

 If your current patch level is P18 (V11.0.18), in addition to installing the Syracuse hotfix you also need to:

  • Install the following application hotfixes: WX_07014_R080.zip and WX_07016_R080.zip

  • Review your Sage X3 Visual Processes (if used) to check for any adaptation if necessary.

 If your current patch level is earlier than P18 (V11.0.18), in addition to installing the Syracuse hotfix you also need to:

  • Install the following application hotfixes: these hotfixes (EXTRACT_X3_1.11.0_6828.zip) & (EXTRACT_X3_1.11.0_6946.zip )  and these hotfixes  (WX_07014_R080.zip  & WX_07016_R080.zip )

  • Review your Sage X3 Visual Processes (if used) to check for any adaptation if necessary

For V11 patch 19, just install the Syracuse hotfix.

3. Sage X3 V9:

Hotfix-syracuseserver-9-22-7-2-security-fix

This Syracuse hotfix does not include the replacement of Flash components.

 

4. Sage X3 HR & Payroll V9:

Hotfix_syracuseserver-9-24-1-3---for-sage-x3-hr-payroll-pu9-only

This Syracuse hotfix is compatible with Sage X3 HR & Payroll P19 and P20.

*Community Hub is the new name for Sage City