Skip to content

3.2.3

Latest
Compare
Choose a tag to compare
@sfmskywalker sfmskywalker released this 31 Oct 19:14
· 389 commits to main since this release

🚨 Elsa 3.2.3 Patch Release - Security Update

We are releasing Elsa 3.2.3 as an urgent security patch. A critical vulnerability was discovered in the real-time workflow functionality that necessitates immediate action.

Summary

This patch addresses a security vulnerability related to real-time workflow updates via SignalR. To mitigate this issue, we recommend updating your Elsa Workflow Server project.

In the mean time, and or if you are not ready to upgrade, make the following changes:

Action Required

Open your Elsa Workflow Server project.
Locate and comment out the following lines of code:

elsa.UseRealTimeWorkflows();
app.UseWorkflowsSignalRHubs();

By commenting out these lines, you will disable the real-time workflow updates and prevent potential exploits until a permanent fix is available.

Important Note

Elsa Studio will remain functionally operational, as it will fall back to a polling mechanism instead of realtime updates via SignalR.

We strongly urge all developers to apply this patch and take the necessary measures as outlined above to secure their applications.

Full Changelog: 3.2.2...3.2.3