Overview
The IT Portal recently received a security update addressing a critical bug in access control list (ACL) enforcement. The cloud version is already updated, and on-premises installations are recommended to update when feasible.
The Issue
A company security setting was not being properly enforced for users accessing the system through the browser extension. The problem specifically affected this particular configuration control, though all other ACL settings are working as expected.
The vulnerability meant that organizations relying on this specific security setting to restrict access would find the control ineffective for browser extension users. This could potentially expose systems to unauthorized access if that setting was a key part of your security posture.
Recommendation
Organizations using on-premises deployments of the IT Portal—particularly those who have configured the affected security setting—should prioritize updating to the latest version. The update ensures that the ACL setting applies consistently across all access methods, including the browser extension.
No action is required for cloud-based users, as that environment has already been patched.
