For various revisions of DataFlex there are updates available that address a security issue in DebugBuffer.js.
This does not affect the usability of applications. However, hackers can potentially exploit the behavior making it a security risk that needs to be addressed.
This issue affects all versions of the DataFlex WebApp Framework (DataFlex Studio and DataFlex web applications running in production) and possibly deployments using the Ajax Library.
The vulnerability is quick to mitigate. It is highly recommended to remove both DebugBuffer.js and DebugBuffer.css files from any DataFlex web applications running in production.
Its also recommended for developers to upgrade their DataFlex Studio(s). When working with DataFlex Studio versions that are no longer supported, developers and system administrator can safely remove both DebugBuffer.js and DebugBuffer.css files.
Developers are encouraged to update DataFlex web applications running in production and DataFlex Studio(s) now!
When to perform this step:
How to:
When to perform this step: if your DataFlex Studio version is in the list below.
Please note that it is recommended to use recent and supported DataFlex version(s). Especially in web environments security updates are important. Look at the Current Products List for the officially supported DataFlex versions and platforms.
For further discussion, visit the DataFlex Web & Mobile Applications forum.