Version 3.1.5 (03)

What's new in this release?

  • Resolved issue
  • This release resolved an issue to address a security vulnerability. This vulnerability could allow an authenticated user to elevate their privileges through the web interface. If exploited, VidyoReplay data could be accessible to such user. This data includes, but is not limited to, the following:
  • Recordings
  • SSL certificates
  • Configuration information
  • Please note that Vidyo is not aware of any exploitation of this vulnerability.
  • To address this issue, Vidyo has released VidyoReplay version 3.1.5(03). We strongly advise you to download rp-TAG_RP_3_1_5_03-signed.vidyo and upgrade your VidyoReplay. For instructions about how to upgrade, refer to the Upgrading Your VidyoReplay section of the VidyoReplay Administrator Guide. Installing version 3.1.5 (03) restarts VidyoReplay; therefore, any on-going recordings will be dropped.
  • Important notices
  • As a reminder, starting with VidyoReplay version 3.1.4, for security reasons, support for mounting NAS’s over SMBv1 has been deprecated. Before upgrading, please ensure that your NAS supports SMBv2.1 or later.
  • For information on how to upgrade to VidyoReplay version 3.1.5 (03) from the version you are currently running, refer to the Upgrade Steps Lookup Tool article. This article lists the steps you need to take for your particular version, including which Security Updates you may need to install.
  • Important bug fixes
  • In this release, we've addressed some important issues to improve usability and reliability.
  • System updates
  • For added security and stability, updates for multiple third-party packages and libraries are included as part of this release.

Files

This file...

Should be applied on top of...

rp-TAG_RP_3_1_5_03-signed.vidyo

VidyoReplay version 3.x

Important notices

  • You must apply VidyoReplay version 3.1.5 (03) on top of VidyoReplay version 3.x. If you have a VidyoReplay version earlier than 3.x, you must first upgrade to 3.x, then incrementally upgrade versions to version 3.1.5 (03). Once you have done so, refer to the Upgrade a VidyoReplay Cluster to 3.1.5 (03) section below. These steps must be completed in order.
  • Multiple Super users can be managed only from the Active Controller in a VidyoReplay cluster.

Upgrade a VidyoReplay cluster to 3.1.5 (03)

Due to the database changes required for this new feature, the procedure for upgrading an existing Replay cluster is the following:

  1. Upgrade all recording nodes in the cluster. Note: You cannot log in to recorder nodes until the entire cluster upgrade is completed.
  2. Log in to each controller and reconfigure them as standalone.
  3. Log in to each standalone cluster and perform the upgrade.
  4. Log in to the old active controller and reconfigure it in cluster mode. The machine will reboot. Check the portal to see if the machine is properly registered.
  5. Once registered, you can log in with the default user (‘super’). The Users tab should be visible. The Settings > Cluster > Component Status page should show the current machine as an active controller with all the recorders present.
  6. Log in to the old standby controller and reconfigure it in cluster mode. The machine will reboot.
  7. The active controller page located at Settings > Cluster > Component Status should now show the successful replication and that both controllers are currently online.
  8. You can now log in via the UI on any machine in the cluster.

Notes:

  • We recommend taking a snapshot of the machines using VidyoConsole, or via VMware if using a virtual machine.
  • It is mandatory to perform the above procedure step-by-step. Failure to do so may result in unexpected results, including the inability to log in. In such cases, you can revert to a previous snapshot.
  • If a recorder node is reconfigured as standalone, the Users database is cleared and the default username/password combination may be used to log in.
  • If a controller is reconfigured as standalone, the Users database remains untouched.

Compatibility

VidyoReplay version 3.1.5 (03) is compatible with VidyoPortal versions 3.x and later.

If your organization has an on-premises VidyoPortal (rather than a cloud subscription), refer to the Vidyo compatibility matrix to determine which endpoint versions are compatible with your VidyoReplay release.

Resolved issues

The following table lists the issues we have resolved in VidyoReplay version 3.1.5 (03).

VidyoReplay version 3.1.5 (03) - resolved issues

Key

Summary

RPLY-1030

We fixed an access control issue which allows an authenticated user to elevate their privilege level.

Known issues

There are no new known issues for this release; however, to view the previous known issues, please see the known issues for VidyoReplay section.