FileMaker Server 14.0.4 Security Updates

FileMaker Server 14.0.4 Security Updates 2015/12/20 Lightning Talk in FM-Tokyo Atsushi Matsuo (Emic Corporation)

FileMaker Server 14.0.4

FileMaker Server 14.0.4 • Includes security updates - from FileMaker Knowldge Base

• http://help.filemaker.com/app/answers/detail/a_id/15364

FileMaker Server 14.0.4 1. Addressed an issue related to the expiration of the default SSL certificate. - from FileMaker Knowldge Base

• http://help.filemaker.com/app/answers/detail/a_id/15364

FileMaker Server 14.0.4 2. Addressed an issue with the Technology Tests page link that tests Custom Web Publishing with PHP. - from FileMaker Knowldge Base

• http://help.filemaker.com/app/answers/detail/a_id/15364

FileMaker Server 14.0.4 • Fix XSS of the Technology Tests page that tests Custom Web Publishing with PHP • Affected: FileMaker Server 9, 10, 11, 12, 13, 14.0.1, 14.0.2, 14.0.3 (when enabling Custom Web Publishing with PHP) • Workaround: Remove "phptest.php" file - from results of my investigation

FileMaker Server 14.0.4 3. For FileMaker WebDirect and Custom Web Publishing content to display in <iframe> tags of separate webpages, those webpages must also be hosted by the FileMaker Server web server. Webpages hosted by other web servers cannot use the <iframe> tag to embed FileMaker WebDirect and Custom Web Publishing content. - from FileMaker Knowldge Base

• http://help.filemaker.com/app/answers/detail/a_id/15364

FileMaker Server 14.0.4 • The web server of FileMaker Server 14.0.4 outputs "X-Frame-Options: SAMEORIGIN" HTTP header in order to prevente clickjacking - from results of my investigation

FileMaker Server 14.0.4a

FileMaker Server 14.0.4a Software Patch • This software provides security fixes for FileMaker Server 14.0.4 - from FileMaker Knowldge Base

• http://help.filemaker.com/app/answers/detail/a_id/15413

FileMaker Server 14.0.4a Software Patch 1. Updates the third-party component OpenSSL. - from FileMaker Knowldge Base

• http://help.filemaker.com/app/answers/detail/a_id/15413

FileMaker Server 14.0.4a Software Patch 2. Updates the third-party component Java to Java 8 Update 66, including a critical patch update. - from FileMaker Knowldge Base

• http://help.filemaker.com/app/answers/detail/a_id/15413

FileMaker Server 14.0.4a Software Patch 3. OS X El Capitan version 10.11: Addressed an issue where scripts using the Insert From URL script step returned an SSL certificate error. - from FileMaker Knowldge Base

• http://help.filemaker.com/app/answers/detail/a_id/15413

FileMaker Server 14.0.4a Software Patch • If you apply this software patch to your FileMaker Server 14 installation, you will enhance the security of your server. But with this patch applied, if you enable the Use SSL for database connections setting in Admin Console, clients using FileMaker Pro 12 or FileMaker Go 12 will no longer be able to connect to solutions hosted by your server. - from FileMaker Knowldge Base

• http://help.filemaker.com/app/answers/detail/a_id/15413

FileMaker 14.0.4

FileMaker 14.0.4 • FileMaker 14.0.4 includes changes to the interaction between clients (FileMaker Pro and FileMaker Go) and hosts (FileMaker Server) • the important security and product issue fixes require updating both clients and hosts to FileMaker 14.0.4 in order to fully implement the fixes - from FileMaker Knowldge Base

• https://help.filemaker.com/app/answers/detail/a_id/15337

FileMaker, Inc. support policy • Product updates are only offered for our current products, and includes: • • • Security updates Bug fixes Operating system compatibility updates - from FileMaker Knowldge Base

• http://help.filemaker.com/app/answers/detail/a_id/5757