Hi everyone,
We want to share an important security update regarding OttoFMS.
What happened:
During internal security testing, we identified a vulnerability affecting OttoFMS versions prior to 4.16.0 that allowed unauthenticated data overwrite.
We have no evidence that this vulnerability was exploited in the wild; however, we treated this as a priority issue and moved quickly to address it.
What we did:
The issue has been fully resolved in OttoFMS version 4.16.0, which is now available.
If you manage OttoFMS yourself:
If you are running OttoFMS outside of the Ottomatic managed platform, we strongly recommend upgrading to version 4.16.0 as soon as possible. If you do not upgrade, you are at risk of losing your data.
Upgrade instructions are available here: OttoFMS - Updating OttoFMS
We recommend treating this as a priority update.
If your FileMaker Server is hosted on Ottomatic:
No action is required.
All Ottomatic-hosted FileMaker Servers have already been automatically updated to OttoFMS 4.16.0 as part of our managed security maintenance process. Your systems are already protected.
Our commitment:
Security transparency is important to us. When issues are identified, our goal is to remediate quickly, communicate clearly, and ensure customers have the information they need to stay protected.
If you have any questions, please reach out via the forum.
Thank you for being part of the community,
The Ottomatic by Proof+Geist Team