Today we started rollout of version 4.3.3.1. This update addresses an issue reported by a number of customers with version 4.3.3 where users were occasionally unable to authenticate. This was particularly noticeable with usernames containing non-ASCII characters.

It also addresses a potential vulnerability in the Report Schedule user interface. It was possible for a logged-in Administrator to insert code into the Report Scheduler which, under certain circumstances, could launch a cross-site scripting attack against sites visited by another logged-in Administrator. Thanks to Matt Bergin at Korelogic for discovering this issue and reporting it to us.

For full details on the content of this update, see the release notes.