frevvo Latest - This documentation is for frevvo v10.1. Not for you? Earlier documentation is available too.
GA Release Matrix
The table lists the latest frevvo released versions.Product Version Matrix
Product Latest Version Release Date Release Notes frevvo Cloud v10.3.3 08/09/2022 Detailed Release Notes frevvo On Premise v10.1.19 06/24/2022 Detailed Release Notes frevvo for Confluence v10.1.19 06/24/2022 Detailed Release Notes frevvo Confluence Plugin see ref
Confluence Add-on Release Notes frevvo Database Connector v2.6.4
2/2/2022
frevvo Filesystem Connector v.1.3.1 2/1/2022 Filesystem Connector Release Notes frevvo Google Connector v3.0.6 2/1/2022
Google Connector Release Notes frevvo SharePoint Connector v1.1.4 2/1/2022 SharePoint Connector Release Notes frevvo API .NET Client see ref
Product Version Matrix
| Product | Latest Version | Release Date | Release Notes |
|---|---|---|---|
| frevvo Cloud | v10.3.3 | 08/09/2022 | Detailed Release Notes |
| frevvo On Premise | v10.1.19 | 06/24/2022 | Detailed Release Notes |
| frevvo for Confluence | v10.1.19 | 06/24/2022 | Detailed Release Notes |
| frevvo Confluence Plugin | see ref | Confluence Add-on Release Notes | |
| frevvo Database Connector | v2.6.4 | 2/2/2022 | |
| frevvo Filesystem Connector | v.1.3.1 | 2/1/2022 | Filesystem Connector Release Notes |
| frevvo Google Connector | v3.0.6 | 2/1/2022 | Google Connector Release Notes |
| frevvo SharePoint Connector | v1.1.4 | 2/1/2022 | SharePoint Connector Release Notes |
| frevvo API .NET Client | see ref |
frevvo™ v10.1
Cloud Upgrade: June 26, 2021
frevvo v10.1 is a major Cloud only release. Please see the Detailed Release Notes for specific version enhancements and tickets fixed.
Security Vulnerabilities
The following security vulnerabilities have been addressed as follows:
- Man in the middle - This has to do with executing the CGI Servlet. This servlet is disabled in the frevvo Apache tomcat distribution. Customers who choose to enable the servlet are responsible for ensuring security viz. adding filter etc.
Version Disclosures - Resolved by configuring the ErrorReportValve in \frevvo\tomcat\conf\server.xml file (in the Host section) as described in this Apache tomcat website. The parameter that needs to be modified is:
<Valve className="org.apache.catalina.valves.ErrorReportValve" showServerInfo="false"/>
X-Frame-Options Header Not Set - Resolved by modification at the tomcat level. In-house customers can uncomment the HttpHeaderSecurityFilter provided in the tomcat web.xml. The filter is documented here. Specify the appropriate X-Frame-Options value in the antiClickJackingOption parameter - (SAMEORIGIN or ALLOW-FROM).
Setting this parameter to SAMEORIGIN may interfere when embedding frevvo forms/flows in your website. Use ALLOW-FROM instead.Click the appropriate link below for filter examples.
- v10.1.11 Mitigation applied to Address Critical RCE (log4j / solr) Vulnerability Under Exploitation. The SOLR version on will be upgraded in a future release. Security checks may flag this vulnerability based on the version alone; however as long as you are running v10.1.11+ or you have applied the mitigation described in this article, you are not exposed to this vulnerability.
- CVE-2022-22965 Java Spring Vulnerability is addressed for On Premise customers by a tomcat upgrade to v9.0.62 (See frevvo v10.1.15 release notes.) The CVE-2022-22965 vulnerability does not impact frevvo Cloud because frevvo/connectors are not packaged as a traditional WAR. Additionally, frevvo does not use @ModelAttribute in frevvo/connector and does not have any default binding, so no further mitigation steps are required.
Overview
Content Tools