Tableau Server 8.0.7

Corrected a security vulnerability in the data server.

Changes made to a published data source would intermittently not be reflected when accessing the data source using Edit on Tableau Server. Opening the data source in Tableau Desktop would show the changes correctly.

Resolved a privately reported blind SQL injection vulnerability in Tableau Server. The vulnerability could have allowed arbitrary SQL commands to be passed to the Tableau Server backend database for execution. An attacker who successfully exploited the vulnerability could have taken complete control of an instance of Tableau Server. An attacker would have needed valid credentials or the guest account would have had to have been enabled to exploit this vulnerability. This vulnerability is rated Critical for 8.0.x and 8.1.x versions of Tableau Server, and customers are urged to upgrade at their earliest opportunity. Tableau has not received any information to indicate that this vulnerability has been publicly used to attack customers at the time this update was released. Tableau would like to thank Tanya Secker and Christiaan Esterhuizen of Trustwave SpiderLabs for identifying and reporting this issue (CVE-2014-1204) and for working with us to help protect our customers.

Corrected a security vulnerability in the Tableau Server permission functionality.

Tableau Server users were not able to select All in a single value filter without first selecting another value.

Restoring a Tableau Server backup file (.tsbak) sometimes resulted in user groups being duplicated and renamed.

Workbooks sometimes appeared to have missing data after Tableau Server was upgraded from version 7.0 to version 8.0 and extract refreshes were performed.

Tableau Server would stop working if a user filtered on a view and that view contained a discrete exact date field.

Hive Server 2 extracts published to Tableau Server would fail with an error of the following type: "Error occurred while initializing the Hive client." The problem would occur when Kerberos tickets were being used.

An indefinite spinner would display when accessing a view that was embedded via an Iframe, used trusted tickets, had the embed parameter set to no, and which prompted the user to authenticate.

On Tableau Server, users who have published or created workbooks or created projects retain publishing rights until they are no longer the project or workbook publisher. However, when a site or system administrator tries to deny such users publishing rights (which should not be possible), a message would appear saying "1 user denied publishing." The Permissions menu would continue to correctly show that these users as having publishing rights.

If a cube data source is published to Tableau Server with no username credential and is configured to prompt for credentials, signing in to the data source would eventually fail with an error of this type: "Database error 0x80004005: Errors in the OLE DB provider. Could not connect to the redirector. Ensure that the SQLBrowser service is running on the server."

Attempting to create a backup of a two-machine Tableau Server cluster in which the primary was running Windows Server 2008 (pre R2) would fail with the following error: "Skipping backup since is user maintained and distinct from ."

On Tableau Server, URL actions directed at a table row that contained null values would fail to execute.

In Tableau Server, views sometimes failed to render due to a failure in a VizQL Server process.

After upgrading to version 8.0.x from version 7.0.x, some workbooks were performing slower when making filter selections.

Interacting with some views on Tableau Server would sometimes result in a "Tableau Data Engine Error 4: no such schema (TableauTemp)" error. This error was caused when there was heavy load on the query cache and the cache had to be rebuilt.

Opening particular workbooks that contained dashboards with multiple worksheets using the same blended data sources could cause Tableau Server to become unresponsive.

Published views and dashboards that were multi-page would not always display all rows.

Holding down the shift key and clicking did not select multiple items in filters, as expected.

The background task server process would sometimes stop working.

The data server process would sometimes join tables incorrectly.

When Tableau Server was configured to perform SQL Server impersonation, a "Session ended by server" error message would sometimes display when a user attempted to open a workbook.

Embedded Tableau Server views wouldn't render correctly when they used a fixed size and the HTML page in which they were embedded was designed to initially hide, then display the view.