On January 28th, the team behind the Ruby on Rails framework announced critical security vulnerabilities. Ruby on Rails is an open source web development framework used by Tableau Server, which is therefore affected by these vulnerabilities. You can read more about them at http://weblog.rubyonrails.org. The Ruby on Rails team has released corrections to these vulnerabilities. The Tableau Development team is incorporating them into Tableau Server and expects to release version 7.0.13, which includes the Ruby on Rails framework patches, by end of day February 5, 2013.
Version 7.0.13 is expected to release February 5, 2013.
It is critical that all internet-facing Tableau Servers be updated with the correction to this vulnerability, and we recommend that all on-premise Tableau Servers be upgraded as soon as possible after the release on February 5th. Version 7.0.13 is the release that contains this correction. There is no way to independently update just the Ruby on Rails framework in an existing Tableau Server installation; you must move to the full maintenance release update.
To perform the upgrade, first complete the Pre-Upgrade Checklist procedures and then follow the steps outlined in the Upgrading Tableau Server article.
Links: http://kb.tableausoftware.com/articles/knowledgebase/Pre-Upgrade-Checklist and http://kb.tableausoftware.com/articles/knowledgebase/upgrading-tableau-server
To download the product, please use either the Customer Portal or our download site.
Link for the Tableau Customer Portal directions: http://kb.tableausoftware.com/articles/knowledgebase/downloading-tableau-products
Link for the download site: https://licensing.tableausoftware.com/esdalt/
Until 7.0.13 is released and you are able to perform the upgrade, we recommend following the steps in the KB article below daily to reduce the risk to your data stored in Tableau Server.
http://kb.tableausoftware.com/articles/knowledgebase/server-maintenance