4.5.2 is a hotfix release and will be deployed this Thursday, 2nd of October.

Hotfix

  • Important - Fixes an iOS 8 bug in Safari which prevents iPad or iPhone users from opening create or edit dialogs.
  • Important - Resolves a configuration problem that could prevent Contact pages and Form Viewer web parts from sending email notifications.
  • Significantly faster updates to My Classes and My Groups listings when creating, following or leaving a class or group site.
  • Improves software and device compatibility for subscribing to secure calendars.
  • Fixes Calendar Subscription for all time zones and daylight savings settings. 
  • Fixes Site Directory web part scrolling when displaying numerous sub sites.
  • Fixes an InfoPath Form Services bug in the ribbon when using Internet Explorer.
  • Improvements to news, events and featured link summary templates.

Technical Bulletins

We have included a number of relevant technical bulletins below.

ShellShock Security Bug

Like the HeartBleed vulnerability before it, the ShellShock bug is a serious security vulnerability but does not impact Windows operating systems. SharePoint and SQL servers are not affected by this issue.


Mac OS X (fix available), and other Unix based systems are vulnerable, more information is available from US-Cert Alert (TA14-268A).

Safari for iOS 8 Login Bug

The recent iOS 8 update for iPads and iPhones contains a Windows authentication bug in Safari. The bug prevents users from successfully logging into a site after entering their username and password. The issue is present in the latest 8.0.2 release but has been fixed in the current iOS 8.1 beta. There's been no comment from Apple on an expected time frame for resolution.

Two workarounds are available for users experiencing the problem:

  • Use Chrome for iOS!
  • In Safari for iOS after login, and the page loading freezes, press the refresh icon or re-open the site in a new tab. 

Sunsetting SHA-1 Based Certificates

MicrosoftGoogle, and Mozilla have all recently deprecated support for SHA-1 based SSL certificates and plan to turn it off in 2017. Starting this November, HTTPS sites in Chrome using SHA-1 SSL certificates valid past January 2017, will no longer appear fully trusted in Chrome. You can test your certificates using an online SHA-1 testing tool



More Information

If you have any questions regarding the update process please see our original notice