This section outlines issues tracked and fixed by the MOVEit product team for the September 2023.0.6 service pack.

ID

Category

Fixed Issue
69018 Installer Maintenance update of MySQL database.
70103 SSH/Security Improved handling of long usernames when writing log entries.
70252 Server/Security Applied best practice for loading libraries.
70564 Certificate/Server TLS/SSL certificate could not be uploaded if there are other certs in the info table ("CA" cert).
71353 Server/Utilities Sysadmin password reset utility not supported.
70732 Server Handle transactions to block malformed queries.
70780 WebUI/Security Adjustments to align with best practices when viewing dynamic scan results.
71019 Performance/Security Improvements to upload size using WebUI.
71109 Database/Security SQL injection possible for authorized sysadmin user.
71263 Database/Security Authenticated SQL injection possible through machine interface.
71319 WebUI/Security Added user-permissions checks and handling for multi-org deployments that use the WebUI.
71322 SFTP/Performance Python scripts might see slower download speeds for large files.
71325 LDAP/Security/WebUI Improvements to handle multi-org permission scope with deployments using LDAP or RADIUS.
71587 Server/Authentication Additional session hardening.
71665 Server/AdminUI Self-serve certificate code improvements.
71762 Server/Database/Groups GroupAdmins get a SQL exception when adding a user to a group (Ambiguous column name 'Username').
72212 Server/Security Certificate logging improvements.
72231 WebUI/Security Fixed medium vulnerability found in Ad Hoc UI send functionality.
72252 Server/Security Cloned users can inherit permissions from the user template.