R News

Shiny Server (Pro) 1.4.6

by RStudio | Open source & professional software for data science teams on RStudio · September 22, 2016

This article is originally published at https://www.rstudio.com/blog/

We’ve just released Shiny Server and Shiny Server Pro 1.4.6. Relative to 1.4.2, our previously blogged-about version, the 1.4.6 release primarily includes bug fixes, and mitigations for low-severity security issues found by penetration testing. The full list of changes is after the jump.

If you’re running a Shiny Server Pro release that is older than 1.4.3 and are configured to use SSL/TLS, it’s especially important that you upgrade, as the versions of Node.js that are bundled with Shiny Server Pro 1.4.3 and earlier include vulnerable versions of OpenSSL.

Shiny Server (Open Source): Download now

Shiny Server Pro: If you already have a license or evaluation key, please upgrade now. Otherwise, you can start a free 45-day evaluation.

Shiny Server Pro 1.4.6

Bug fix release.

Fix a bug where a 404 response on some URLs could cause the server to exit with an unhandled exception.

Shiny Server Pro 1.4.5

Security release to fix minor issues raised in penetration test results.

Add disable_login_autocomplete directive that can be used to instruct browsers not to attempt to autocomplete on the login screen. Note that servers can only suggest this behavior to browsers (and in particular, Google Chrome chooses not to comply, as its developers argue that disabling autocomplete decreases security rather than increasing it).
Add opt-in clickjacking protection via frame_options directive. Login and /admin URLs now served with X-Frame-Options: DENY (the former can be opted out with an auth_frame_options allow; directive).
Fix open redirection on login. Previously, a URL created with malicious intent could cause you to go to an arbitrary URL after successful login. Now, it is only possible to be redirected to a path on Shiny Server.
Add Cross-Site Request Forgery (CSRF) protection to login and other POST operations.

Shiny Server Pro 1.4.4

Fix fatal EBADF error that could cause server crashes.
Updated PAM integration to resolve bug with asynchronous PAM modules like pam_ldap, pam_vas, and nss_ldap.
Upgrade to Node.js v0.10.46 (security patches).

Shiny Server Pro 1.4.3

Added proxied authentication mechanism via the auth_proxy option.
Upgrade to Node.js v0.10.45 (primarily for updated OpenSSL).

Thanks for visiting r-craft.org
This article is originally published at https://www.rstudio.com/blog/
Please visit source website for post related comments.

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Shiny Server (Pro) 1.4.6

You may also like...

Categories

Shiny Server (Pro) 1.4.6

Shiny Server Pro 1.4.6

Shiny Server Pro 1.4.5

Shiny Server Pro 1.4.4

Shiny Server Pro 1.4.3

You may also like...

RStudio 1.3 Preview: Integrated Tutorials

Announcing the release of my e-book: Introduction to Empirical Bayes

Flexible Beta Modeling

Categories