Please verify the Tasks & associated Triggers after installing the update. Due to a bug in previous versions, customers may have been led to define multiple redundant triggers for the same task!
(since 2024.2.5)
Docker-Image: infomotiondmc.azurecr.io/dmc:2024.2.6
Two separate vulnerabilities CVE-2025-31650 and CVE-2025-31651 have been disclosed, affecting the Tomcat Web Application Server.
A version of Tomcat is included in the INFOMOTION Data Management Center package and used for the containerized and standalone deployment options. We are now releasing an updated version 2024.2.5 of Data Management Center that includes a patched version of Apache Tomcat.
Please note that this patch only secures containerized or standalone DMC deployments. When deployed within a custom Tomcat installation, that installation should be patched as well.
(since 2024.2.4)
Docker-Image: infomotiondmc.azurecr.io/dmc:2024.2.5
Upgrade to Spring Boot 3.4.4 including embedded Tomcat 10.1.39 to avoid potential issues with CVE-2025-24813
(since 2024.2.3)
Docker-Image: infomotiondmc.azurecr.io/dmc:2024.2.4
A vulnerability CVE-2025-24813 has been disclosed, affecting the Tomcat Web Application Server.
A version of Tomcat it is included in the INFOMOTION Data Management Center package and used for the containerized and standalone deployment options.
While the vulnerability is flagged as potentially having a critical impact, the published information lists very specific preconditions. Based on our understanding, the information disclosure and remote code execution scenarios depend (among others) on the following preconditions being met:
Both of these are not given in the INFOMOTION Data Management Center:
Nonetheless, we will be releasing an updated version 2024.2.4 of Data Management Center shortly that includes a patched version of Apache Tomcat.
Please note that this patch only secures containerized or standalone DMC deployments. When deployed within a custom Tomcat installation, that installation should be patched as well.
Allow users to choose .xlsm files for upload
Use base image containing shell & mkdir for DMC container build
(since 2024.2.2)
Docker-Image: infomotiondmc.azurecr.io/dmc:2024.2.3
Properly report all columns if multiple required columns are missing
(since 2024.2.1)
Docker-Image: infomotiondmc.azurecr.io/dmc:2024.2.2
(since 2024.2.0)
Docker-Image: infomotiondmc.azurecr.io/dmc:2024.2.1
Oracle has published a Security Advisories for Java as part of it's Januar 2025 Critical Patch Update Advisory that is relevant for INFOMOTION Data Management center under certain conditions:
CVE-2025-21502 has been classified by Oracle as a low-impact and high-complexity attack on Java versions up to 17.0.13. Unfortunately, there is not enough information available yet to be able to asses if and how INFOMOTION Data Management Center might be affected by the issue in the underlying JRE.
As a precaution we are releasing an updated DMC version 2024.2.1.
In addition to two bugfixes (see release notes), the container images published for this patch update the JRE to version 17.0.14 which, according to the published information, is not affected by either CVE.
If you have further questions, please create a DMC support ticket via eMail.
Please note that built-in database authentication does not enforce password policies and support multi-factor authentication - both which are strongly recommended for production use.
Due to this, database authentication will not be enabled by default starting with release 2024.2
If you want to continue using this functionality, you will need to explicitly enable it by setting DMC_AUTH.
For details see the Documentation"documentation".
(since 2024.1.6)
Docker-Image: infomotiondmc.azurecr.io/dmc:2024.2.0
The Spring project has published a Security Advisory concerning Spring Framework, an open-source library used by INFOMOTION Data Management Center.
Based on our analysis and the available information, the relevant vulnerability CVE-2024-38828 does not affect INFOMOTION Data Management Center.
The vulnerable components of Spring Framework ("Spring MVC controller methods with an @RequestBody byte[] method parameter")
are not used by our application.
If you have further questions, please create a DMC support ticket via eMail.
Revert paginator to show row numbers instead of page numbers
Upgrade Spring Framework out of caution relating to CVE-2024-38819
(since 2024.1.5)
Docker-Image: infomotiondmc.azurecr.io/dmc:2024.1.6
The Spring project has published a Security Advisory concerning Spring Framework, an open-source library used by INFOMOTION Data Management Center.
It describes a new vulnerability, similar to CVE-2024-38816 which we have previously reported on.
Based on our analysis, this new vulnerability CVE-2024-38819 does not affect INFOMOTION Data Management Center, since our application does not use the vulnerable "functional" components of Spring Framework.
If you have further questions, please create a DMC support ticket via eMail.
Frontend improvements for long-running operations (delete multiple tables, import deployment set)
(since 2023.2.7)
Docker-Image: infomotiondmc.azurecr.io/dmc:2023.2.8
Frontend improvements for long-running operations (delete multiple tables, import deployment set)
(since 2024.1.4)
Docker-Image: infomotiondmc.azurecr.io/dmc:2024.1.5
A security advisory has been published for
the DOMPurify open-source library used by an optional part (swagger-ui) of the "Spring Docs" framework for making API documentation
available in DMC since version 2023.2.
Please note that "Spring Docs" is included in DMC, but disabled by default. Also, the vulnerability only affects the "Swagger" API-Testing frontend included in Spring Docs, which is neither an officially supported feature of DMC nor something users usually interact with.
Based on our understanding, a cross-site-scripting attack would only be possible if all the following conditions are met:
DMC_ENABLE_OPENAPI flag is set to trueDMC_ENABLE_OPENAPI is currently set to true, it is recommended to switch it to false until a patch has been
applied.The Swagger API-Testing frontend has been removed, thereby eliminating the issue, in DMC 2023.2.7 and 2024.1.4.
All officially supported DMC functionality is unaffected by this change.
Remove unneccessary swagger-ui dependency due to CVE-2024-45801
Make default column mappings case-insensitive (like all column mappings)
(since 2023.2.6)
Docker-Image: infomotiondmc.azurecr.io/dmc:2023.2.7
Remove unneccessary swagger-ui dependency due to CVE-2024-45801
(since 2024.1.3)
Docker-Image: infomotiondmc.azurecr.io/dmc:2024.1.4
Make default column mappings during import case-insensitive like all other import mappings
Fix an error occurring when sorting by hist_from in specific cases for MSSQL database
(since 2024.1.2)
Docker-Image: infomotiondmc.azurecr.io/dmc:2024.1.3
The Spring project has published a Security Advisory concerning Spring Framework, an open-source library used by INFOMOTION Data Management Center.
Based on our analysis, the relevant vulnerability CVE-2024-38816 does not affect INFOMOTION Data Management Center as long as it is deployed according to specification:
RouterFunctions, the vulnerable component of Spring Framework.If you have further questions, please create a DMC support ticket via eMail.
Fix permissions check when editing table/data permissions
Fix displaying deleted records with very long texts in historical view
Correct import of tables with names ending in digits
Update to Spring 5.3.38 because of CVE-2024-38809
(since 2023.2.5)
Docker-Image: infomotiondmc.azurecr.io/dmc:2023.2.6