# Nov 2025 Security Patch for VitaraMaps ### VitaraMaps SSRF Security Patch Drop-IN –Deployment Instructions It is designed as a drop-in replacement for VitaraMaps versions **5.3.1 through 5.3.6**. Download URL: This patch provides the updated security-hardened versions of\ fileLoader.jsp, fileLoader.aspx.
Follow the steps below to deploy the patch in all required MicroStrategy components. *** #### 1. Contents of the Patch The patch package contains: **VitaraMaps**/ fileLoader.jsp fileLoader.aspx **VitaraMapsLibrary**/ fileLoader.jsp fileLoader.aspx These files must overwrite the existing versions of the files in the VitaraMaps and VitaraMapsLibrary installation. *** #### 2. Where to Apply the Patch The patch must be applied in all environments where VitaraMaps are used: 1. MicroStrategy Web \/plugins/VitaraMaps/ 2. MicroStrategy Library \/plugins/VitaraMapsLibrary/ 3. PDF Export Engine (Export Server) \/plugins/VitaraMaps/ Each of these components maintains its own plugins folder, so all relevant locations should be updated. *** #### 3. Deployment Steps **Step 1 — Extract the Patch** Download and unzip: * VitaraMaps.zip * VitaraMapsLibrary.zip (Library distribution only) You will see directories: VitaraMaps/ VitaraMapsLibrary/ (for Library only) containing the updated fileLoader files. *** #### Step 2 — Copy Over Existing Installation Navigate to each MicroStrategy component’s VitaraMaps folder, for example: \/plugins/VitaraMaps/ \/plugins/VitaraMapsLibrary/ \/plugins/VitaraMaps/ Then: * Copy the extracted VitaraMaps (or VitaraMapsLibrary) folder on top of the existing folder (i.e. into the \~/plugins/ folder). Alternatively you can choose to overwrite each file individually\ When prompted, choose Replace / Overwrite all files. * This ensures the old fileLoader logic is replaced with the secure version. *** #### Step 3 — Restart the Web Server After replacing the files, restart services: * Tomcat / IIS / Web Server (for MicroStrategy Web and MicroStrategy Library) * PDF Export Engine This ensures the updated fileLoader code is picked up. *** #### Step 4 Verification - How to Confirm Patch is Working To verify that the SSRF protection is active, you can test the behavior of fileLoader.jsp (or fileLoader.aspx) directly using a harmless public URL such as . **Test AFTER adding the Patch** Open the following URL in the browser: For: MicroStrategy Web https\://\:\/MicroStrategy/plugins/VitaraMaps/fileLoader.jsp?file= For: MicroStrategy Library https\://\:\/MicroStrategy/plugins/VitaraMapsLibrary/fileLoader.jsp?file= #### Expected Result With Fix (Patch Working) You should see a JSON response similar to: null({status:400, msg:'**host not allowed**', data:'bnVsbA==', type:'null', ctx:'null'}) This means the patch is correctly blocking external URLs. *** **If instead the following result is seen then you’re still using the old file.** **Result Without Fix**: null({status:200, msg:'**success**', data:'WW91IGhhdmUgbG9hZGVkIGFuIGV4dGVybmFsIHJlc291cmNlIGZyb20gVml0YXJh', type:'null', ctx:'null'}) *** \ \
--- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.vitaracharts.com/maps-user-guide/nov-2025-security-patch-for-vitaramaps.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.