
Changelog

Updates, changes, and improvements at Retool.

4 posts tagged with "Security"


Removal of image download functionality for external app users

Julie Chen
Deployed Performance Engineer

Due to potential security concerns, Retool is removing certain functionality that enables external app users to download images. No security breach or active vulnerability has occurred, and you do not need to take any security-specific actions.

External and embedded, publicly available apps will no longer support:

  • Download Image columns in the Legacy Table component. Use an alternative method, such as a Link or Button column type, for image URL links. Retool strongly recommends you migrate to the current Table component instead.
  • Export PDFs with images hosted on separate domains. All other components will be included in the PDF export. Retool recommends moving your publicly-hosted images to be hosted on the same domain as your Retool instance. For example, you could use images that are natively uploaded to the Image component, stored in Retool Storage, stored in Retool Database, Base64-encoded, or stored in an Amazon S3 bucket.

These features are no longer available on Retool Cloud and Self-hosted Retool 3.114-edge or later. These features will be removed in the next stable release of Self-hosted Retool.

CVE-2024-3094

Retool is aware of CVE-2024-3094, a backdoor affecting versions 5.6.0 and 5.6.1 of xz-utils. Self-hosted Retool images are not affected, and no action is required. Retool Cloud infrastructure and services are not impacted.

If you have any questions or concerns, please reach out to security@retool.com.