9 Replies Latest reply on Aug 11, 2014 7:25 AM by DanielShanahan

    FMS 13.04 - Security Issue?

    DanielShanahan

      Today, FileMaker Inc. announced an update to FMS 13. The email simply says, "This software addresses a security issue." I clicked the Learn more link in the email, but the software details simply reiterate "This software addresses a security issue."

       

      The previous update (.03) clearly stated the security issue (SSL). What is the security issue solved by .04?

        • 1. Re: FMS 13.04 - Security Issue?
          taylorsharpe

          The v3 update fixed some things on the Heartbleed vulnerability.  Someone at Devcon said an update was coming out to address a Java incompatibility in the latest version of Java and Filemaker Server and maybe that is what v4 was addressing.  Maybe someone in the know will speak up. 

          • 2. Re: FMS 13.04 - Security Issue?
            WayneMuelver

            What is even worse... When you click the link to learn more, the detail page includes a download link as you would expect. However, the download is of 13.0v3 not 13.0v4 like it says at the top of the page.

             

            Also, I just discovered that since installing 13.0v3 a couple of days ago, that all of my scripts that contain a create new record script step, fail to create the record.

            • 3. Re: FMS 13.04 - Security Issue?
              taylorsharpe

              Something sounds amiss.  I have not heard anyone else mention that and have not had a create new record problem in 13.0v3.  I would reinstall.  Or did you upgrade to 13.0v4 and it fix the problem?

              • 4. Re: FMS 13.04 - Security Issue?
                WayneMuelver

                My create record issue may be unrelated to 13.0v3, but in my troubleshooting so far it is the only common variable I have found that applies to every solution on my server. Before the update everything was fine, after every script in every solution fails to create new reocrds. I will of course continue troubleshooting. For what it is worth, I also have not seen anyone report on the missing 13.0v4 update either but you can easily verify it. Take a look.

                 

                Screen Shot 2014-08-07 at 1.19.53 PM.png

                • 5. Re: FMS 13.04 - Security Issue?
                  WayneMuelver

                  Ok, This is kind of embarrasing. I solved all of the issues but it took longer than it should have. I blame lack of sleep. I was concidering deleting the post, but just incase someone else stumbles into these issues I decided to leave them up. Here is what I found.

                   

                  The first issue related to the missing 13.0v4... I spoke to FileMaker technical support and it turns out that this was a matter of poor documentation. The column on the update page with the header of "Version" was intended to be a reference link to the previous version and was only put there because 13.0v4 requires that v3 be installed first. They figured that since it was required, having a link to it handy would be helpful but for some reason they put the link under the column that usually has the new version and added a new column for the new software. The button under the "Use This Software" column does in fact download version 4. Feedback to the documentation team has been submitted that the "Version" column header be changed to "Previous Version (Req)" and the "Use This Software" column header be changed to "13.0v4 Update" so that sleep deprived developers don't get confused.

                   

                  The second issue related to the inability to create records via a script step in 13.0v3 turns out to be coincidental. Although I was not able to figure out what caused it, I was able to solve the issue. In my additional troubleshooting I restarted the server machine again and observed that the FM Server admin console failed to restart. I attempted to restart it in Terminal and would only receive an error stating that the requested function was not found. I tried stoping the server, restarting the server, starting the server, and the same for the admin console. After multiple attempts the only fmsadmin functions I could get to work in Terminal were the help commands. So, I restarted the server machine a third time since installing 13.0v3 and low and behold, the admin console finally came back on by itself. I re-tested my create record scripts and they are all funtioning again. Hurray!

                  • 6. Re: FMS 13.04 - Security Issue?
                    DanielShanahan

                    I'm still curious what

                    "This software addresses a security issue."

                    means.  Anyone?

                    • 7. Re: FMS 13.04 - Security Issue?
                      taylorsharpe

                      Every once in a while one of my clients will have some unusual behavior in FileMaker.  Since it is so easy to reinstall, I jump to that solution quickly and it generally seems to fix many problems.  At least we can reimport the schedules and groups.  Too bad the rest of the Admin console settings can't be exported in say XML and reimported to make the install really quick. 

                       

                      Glad it is working for you now!

                      • 8. Re: FMS 13.04 - Security Issue?
                        DavidJondreau

                        It may be that FMI doesn't want to release that information because it would increase the risk of damage from the v3 vulnerability.

                        • 9. Re: FMS 13.04 - Security Issue?
                          DanielShanahan

                          Thanks David.  That makes sense.