The Ruby on the Rails vulnerability was addressed for version 7 and version 8. You are correct that it only affected version 8 during the beta and by the time of release both versions 7 and 8 had releases that addressed the vulnerability. If you have the latest build of either 7 or 8 -- that's not a concern. I'm not aware of any other outstanding security vulnerabilities.
I'll second Joshua's response. If there was a security issue Tableau Support would let me know (well, the account I'm responsible for) and I've not recieved any.
Hmm...and I haven't received any...yeah, I think that's more readable.
Corey, (Joshua & Toby) am I missing something here? Your original concern was about "Security Vulnerabilities in Desktop/Reader 8", correct?
There is NO security with Reader. Anyone can easily open a twbx file.
Again I ask -- am I missing the point?
You are right. The Ruby on the Rails vulnerability applied only to Tableau Server. Tableau Reader is not secure in the sense that any data in a .twbx data can be read and cannot be hidden.
Tableau Server can lock the data down so that only authorized users can see it and can only see the data they are allowed to. The ability to download a workbook can be turned off, but if users are allowed to download a packaged workbook, then they would be able to distribute it freely. (Of course nothings completely foolproof, they could always just capture a screen shot of sensitive data and send that to someone you wouldn't want to see it.)
Thanks for all the responses. Makes sense that desktop and reader only would not normally imply a security requirement.