At GroupDocs, security is a top priority. As part of our ongoing security review process, we recently identified and addressed a security issue affecting certain self-hosted GroupDocs Cloud Docker images.

The issue involved insufficient validation of certain file-related requests within affected self-hosted Docker deployments, which under specific circumstances could result in unauthorized access to files.

The issue has been addressed and updated Docker images are now available. We strongly recommend all users and customers update to the latest available image versions as soon as possible.

Affected Self-Hosted Docker Images

The following self-hosted Docker images are affected:

  • GroupDocs.Viewer Cloud Self-Hosted Docker Image
  • GroupDocs.Conversion Cloud Self-Hosted Docker Image
  • GroupDocs.Comparison Cloud Self-Hosted Docker Image
  • GroupDocs.Merger Cloud Self-Hosted Docker Image
  • GroupDocs.Annotation Cloud Self-Hosted Docker Image
  • GroupDocs.Editor Cloud Self-Hosted Docker Image
  • GroupDocs.Signature Cloud Self-Hosted Docker Image

Who Is Affected?

This issue affects customers running the affected self-hosted Docker deployments. Customers using our hosted online APIs are not affected.

Required Action

Customers using the affected self-hosted Docker images should update to the latest available image versions immediately.

Updated Docker Images

Updated images are available through the normal distribution channels or the links below:

Additional Information

We would like to thank the security researcher who responsibly reported this issue and worked with us throughout the remediation process.

We continue to review our products and infrastructure as part of our ongoing commitment to security and responsible disclosure.

If you have any questions regarding this update, please contact us.