A security vulnerability in a third-party library used by RStudio Connect was uncovered during a security audit last week. We have confirmed that this vulnerability has not been used against any of the RStudio Connect instances we host, and are unaware of it being exploited on any customer deployments. Under certain conditions, this vulnerability could compromise the session of a user that was tricked into visiting a specially crafted URL. The issue affects all versions of RStudio Connect up to and including 22.214.171.124, but none of our other products. We have prepared a hotfix: v126.96.36.199.
RStudio remains committed to providing the most secure product possible. We regularly perform internal security audits against RStudio Connect in order to ensure the product’s security.
As part of the responsible disclosure process, we will provide additional details about the vulnerability and how to ensure that you have not been affected, in the coming weeks once customers have had time to update their systems. For now, please update your RStudio Connect installations to version 188.8.131.52 as soon as possible.
Welcome to the RStudio Community Monthly Events Roundup! In this post, we update you on the great community events happening at RStudio.
Welcome to rstudio.com/blog! We are excited to announce updates to the RStudio blog and can’t wait to share what’s possible with great data science tools.
In an upcoming webinar on November 17th, Solita will showcase how they successfully combined the strengths of RStudio and Tableau at one of Sweden’s largest government agencies.