July 1, 2019Dear JNBridge Customer, We would like to inform you of a vulnerability recently uncovered in JNBridgePro that effects all versions in certain use cases. The vulnerability was discovered by a security research firm working for a major OEM customer. When JNBridgePro is deployed using TCP/binary or HTTP/SOAP communications, it is possible for an unauthorized user to execute arbitrary code. For example, in the .NET-to-Java direction, an unauthorized user can access any API on the Java side, including Runtime.exec(). It is not necessary to have the proxies to access these APIs; an unauthorized application could mimic the JNBridge binary and HTTP protocols. A similar exploit exists in the Java-to-.NET direction. The problem does not exist when using shared memory communications, as these cross-platform requests can only be made from the same process. You do not need to apply the patch if your JNBridgePro application using is using shared memory and you always intend to use shared memory. For all other scenarios, we recommend applying the patch.Company*Name* First Last Email* Which version of JNBridgePro are you using?*10.09.08.28.18.07.37.2Please contact email@example.com if your version is not listed above.EmailThis field is for validation purposes and should be left unchanged.