Blue Prism 6.6.3: January 2024

Database	332	This release requires the Blue Prism database to be this version. This is the same database version as 6.6.0.
Login Agent	6.6.3	There have been no functional updates to the Blue Prism Login Agent. The version of Login Agent that is provided with this release of Blue Prism has the same functionality as the version provided with Blue Prism 6.5.
Browser extensions (for Chrome and Firefox)	See Browser extension versions	For the latest compatibility information, see the browser compatibility matrix in the Blue Prism online help.
Data Gateways engine	1.1/1.4	The Data Gateways engine version 1.1 or 1.4 (recommended) must be installed to use Data Gateways with this version of Blue Prism. Download the installer from the Blue Prism Portal – select Product > Blue Prism Enterprise > Extras.

Applying this patch release

To upgrade to this version, this patch release must be applied to all the following components throughout your Blue Prism environment for it to be operational:

Interactive clients	Runtime resources	Application servers
Yes	Yes	Yes

Please review the upgrade notices for more details and before upgrading to this release.

Known issues

A list of any prominent issues with this release is maintained in the knowledge base – click here for more information.

Secure development policy

(Undefined variable: General.NoPipeCompanyName)’s secure development process is a market-leading, embedded security culture, focused on delivering security excellence through four key principles:

Education – Providing up-to-date knowledge, information, and training to the development team.
Evaluation – Regular reviews of our products using industry standard frameworks and security tools.
Elimination – Remove potential threats through the evaluation of standards, compliance, and performance.
Evolution – Continued improvement of our security program, ensuring alignment with our product technologies and by reacting effectively to new and emerging threats.

(Undefined variable: General.NoPipeCompanyName) secure development is based on OWASP ASVS, ISO 27034 and GDPR Article 25 standards and practices. For more information, see (Undefined variable: General.NoPipeCompanyName)'s comprehensive secure development process.

Fixes and minor improvements

Description of change	Reference
Blue Prism Enterprise 6.6.3 has been released to address the security vulnerability CVE‑2023‑4863. To address a potential issue related to the manipulation of web-based image elements of the type LibWebP, the CefSharp library has been removed. For full details of CVE‑2023‑4863, see Security Vulnerabilities on the customer portal, and the National Vulnerability Database.	BP-17064

Description of change

Reference

Blue Prism Enterprise 6.6.3 has been released to address the security vulnerability CVE‑2023‑4863. To address a potential issue related to the manipulation of web-based image elements of the type LibWebP, the CefSharp library has been removed.

For full details of CVE‑2023‑4863, see Security Vulnerabilities on the customer portal, and the National Vulnerability Database.

BP-17064

Browser extension versions

The table below shows when each Blue Prism extension, compatible with this release was introduced. For details of the latest browser versions Blue Prism is tested against, see the Browser extension compatibility matrix.

Browser	Blue Prism extension versions
Chrome	Blue Prism Browser Extension (2.1.0)
Firefox	Blue Prism Browser Extension (2.1.0)

	Click here to see the documentation for all Blue Prism products.
© 2024 Blue Prism Limited \| Last updated on 05 Jan 2024