This release fixes the following issues.

Work Order | Description |
---|---|
NSWA-1303 | Fixed an issue in which reports were vulnerable to remote command injections through the “token” parameter, as described in CVE-2017-6184. This issue was reported by Russell Sanford at Critical Start. |
NSWA-1304 | Fixed an issue in which reports were vulnerable to remote command injections through functions as described in CVE-2017-6182. This issue was reported by Russell Sanford at Critical Start. |
NSWA-1305 | Fixed an issue in which reports were vulnerable to remote command injections through parameters. |
NSWA-1310 | Fixed an issue in which users were able to log in using fixed session IDs as described in CVE-2017-6412. This issue was reported by Kapil Khot at Qualys. |
NSWA-1314 | Fixed an issue in which the Active Directory configuration was vulnerable to remote command injections as described in CVE-2017-6183. This issue was reported by Russell Sanford at Critical Start. |