Adobe Connect 11.4.6 Security Settings could Potentially Delete Content when using Shared Storage.

Adobe Connect 11.4.6 may delete PPTX & zip content automatically when using shared storage.

This is fixed in 11.4.6a posted on Jan 24, 2023; if you have already installed 11.4.6, do not bother with the patch as the fix is very simple.

To fix this, in \appserv\conf\config.ini there is an EXECUTABLE_FILE_TYPES parameter that has php at the very end of it; remove the PHP reference.

Instead of:
EXECUTABLE_FILE_TYPES=action,apk,app,bat,bin,cmd,com,command,cpl
,csh,exe,gadget,inf,ins,inx,ipa,isu,job,jse,ksh,lnk,msc,msi,msp,mst
,osx,out,paf,pif,prg,ps1,reg,rgs,run,sct,shb,shs,u3p,vb,vbe,vbscript
,workflow,ws,wsf,jsp,jspx,php

It should read:
EXECUTABLE_FILE_TYPES=action,apk,app,bat,bin,cmd,com,command,cpl
,csh,exe,gadget,inf,ins,inx,ipa,isu,job,jse,ksh,lnk,msc,msi,msp
,mst,osx,out,paf,pif,prg,ps1,reg,rgs,run,sct,shb,shs,u3p,vb,vbe,
vbscript,workflow,ws,wsf,jsp,jspx

After making this change and saving the config.ini, reload the system with the following command: http://localhost:8510/api/xml?action=config-settings-reload

Do this on each node in any clustered deployment.

This issue is fixed in 11.4.6a and is posted as of Jan. 24, 2023. The download link still reads 11.4.6 but when you install it, the version.txt will read 11.4.6a. We just wanted to make sure we could see the designation, so we know whether the fix was in place. It was such a minor change, but potentially a nagging issue if unaddressed. If you follow this tech-note, there is no reason to deploy 11.4.6a over 11.4.6.

Note that while the version.txt will read 11.4.6a, the DB will read 11.4.5:

https://connect-domain-name/version.txt: patch=CPS_11.4.6a_11.4.5.0.215_11.4.6a.20

Database version table: