RStudio Connect v1.6.4.2 - Security Update

This is a companion discussion topic for the original entry at https://www.rstudio.com/blog/rstudio-connect-v1-6-4-2-security-update


A security vulnerability in a third-party library used by RStudio Connect was uncovered during a security audit last week. We have confirmed that this vulnerability has not been used against any of the RStudio Connect instances we host, and are unaware of it being exploited on any customer deployments. Under certain conditions, this vulnerability could compromise the session of a user that was tricked into visiting a specially crafted URL. The issue affects all versions of RStudio Connect up to and including 1.