XNAT 1.7.5.4-1.7.5.6 Release Notes
The XNAT 1.7.5.6 release is a security hotfix release. This release addresses a single vulnerability that was reported to us by an external team. Details on the vulnerability will be published here: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14276.
The 1.7.5.4 and 1.7.5.5 version releases of XNAT were preliminary attempts to address this issue. However, both were found to contain a vulnerability to XNAT systems running Java 7. The 1.7.5.6 release contains a fix for this issue in both Java 7 and Java 8 environments.
We strongly urge XNAT administrators to upgrade to this release immediately.
If you are currently running XNAT 1.7.5.3, there are no known or anticipated plugin compatibility issues introduced by XNAT 1.7.5.6. If you are running an earlier version of XNAT, we strongly recommend migrating to the latest version of XNAT to continue receiving security patches, performance upgrades, and new feature sets. Instructions on upgrading your XNAT can be found here: How To Upgrade XNAT.