A security defect was found in the current SSFE 2.1 Service Pack (SP) 1 Build 1496. By modifying the URL of a file’s shareable link, an unauthenticated user can download the whole folder without logging in to SafeSync.
Who is Affected?
The defect exists in SSFE 2.1 SP1 Server Build 1496 caused by the new feature that introduces multiple file. However, SSFE 2.1 GM and Patch 1 builds are not affected.
For existing SSFE 2.1 SP1 installations, apply Critical Patch Build 1557 to fix this defect. SSFE 2.1 SP1 installer as well as the migration package are also repacked to include the fix to the issue.