PowerSchool SIS version 188.8.131.52 is available as of December 11, 2023. When the installers are available for download, an announcement will be posted on PowerSchool SIS Release Notification on PowerSchool Community.
Apache Struts has been updated to version 2.5.33 to protect against CVE-2023-50164 that could result in Remote Code Execution (RCE).
PowerSchool strongly recommends upgrading your PowerSchool environment as soon as possible due to the nature of the security vulnerability that is resolved with this update.
ActiveMQ has been updated to version 5.16.7.
The recently announced CVE-2023-46604 applies when an attacker has access directly to the PowerSchool Message Service (broker). The ActiveMQ port should not be exposed to the internet per the PowerSchool Ports and Connections article and is a backend only service. The only ports that should be exposed to the internet are the standard HTTPS ports.
PowerSchool SIS comprises several software components, each versioned independently. This allows for greater flexibility of component updates as new features and bug fixes become available. Some updates may include dependencies between components. These dependencies will be communicated and built into the component update installers to prevent PowerSchool SIS from being misconfigured. The following table identifies the version number for each PowerSchool SIS component in this release compared to the previous release:
PowerSchool SIS Server
Amazon Corretto Java