As part of a proactive security audit, we discovered and corrected a vulnerability introduced by an external library. We recommend all self-hosted installations of Humio update to the latest security release.
XML External Entity Injection
Status: Fixed in Humio 1.8.9 and 1.9.2
Fixed an issue related to XML External Entity Injection in our xml:PrettyPrint() function. The issue would have made it possible for an authenticated user to access files on the host system without having root privileges. We found no evidence that this exploit have been utilized on our cloud.