Software and hardware security involves a lot of moving parts. Keeping applications secure is a constantly moving target: changes to operating systems, networks, third-party programs, and many other factors make the task difficult at best.
Hyland is constantly aware of the challenges involved in keeping their software secure. Several independent companies conduct vulnerability tests of major software to validate that information is safe and to report vulnerabilities when they are found. Once a vulnerability is reported, Hyland first verifies it and, if it is confirmed, implements changes as necessary to eliminate the potential threats.
How are these normally communicated?
Hyland posts information about security threats on their Community site in the Blog Posts, and through individual Security Bulletins when updated information is ready on specific topics.
To access a Blog section on the Community page, navigate to the product or service you are looking for information about and then click on the “Blog” tab at the top of the page. You can also use the Search box to find these pages. For example, searching “R&D Blog” on Community will show a link to this page as well.
The Security Bulletins cover specific threats that have been found and are published once Hyland has developed a release strategy for the threat identified. Each Bulletin contains a summary of the root issue, the solution, the versions of OnBase affected, and the versions of OnBase that have a fix available. In some cases, a workaround is also provided if one is available for the issue.
Current Known Vulnerabilities (2020)
There were several alleged security vulnerabilities discovered in 2020, relating to public-facing websites. Hyland R&D immediately began an investigation into the potential threats and has subsequently been working to resolve these potential issues. A full report of the issue, including ongoing updates, is available on the Hyland Community site on their R&D Blog here.
As of Wednesday, March 24, 2021, Hyland has released a number of Security Bulletins that are available via the link provided in the Blog post. Patch releases to fix these issues are available for OnBase 18 and EP3. There is also a link to an FAQ if you would like to provide feedback and have questions for the R&D department.
Bottom Line – What Does This Mean for Me?
As noted in the initial description of the Hyland R&D Blog post, these security vulnerabilities affect only users of public-access websites used with OnBase.
Regardless of whether this affects your current system, Hyland recommends updating your software solutions at least every 2 years. This ensures that your system remains compatible with ongoing changes in technology, and that you can take advantage of the latest upgrades to functionality and design.