Dear Aspera Customer,
Recently, CVE and other Internet security sources disclosed a critical vulnerability in the Ruby on Rails framework popular for web application development. Aspera uses affected versions of Ruby on Rails in our Console, faspex, and Shares applications. Please note that Connect Server does not use Ruby on Rails and thus is not vulnerable.
The vulnerability is described by the CVE at:
Aspera has made available a patch for each application that closes the vulnerability. We strongly advise that all customers running these applications apply the appropriate patch.
The patch application is simple, and instructions are provided within the downloadable zip file. If you have any questions, or would like assistance, please feel free to contact Aspera Support firstname.lastname@example.org.
You may download the patch from the following URLs:
The patches are compatible with the following General Release versions of these Aspera products:
faspex 2.6+ and faspex 3.0+
Console 1.6+ and Console 1.7+
While the patch may work with earlier application versions, Aspera cannot guarantee it. Therefore, we request that all customers upgrade to these minimum general release versions before applying the patch.
Thank you for your attention to this matter.