x Want to participate? Join the group to interact
Options
  • Replies 5 replies
  • Subscribers 44 subscribers
  • Views 5508 views
  • Users 0 members are here
Browse Forums
Announcements
152
topics
130
replies
General Discussion
370
topics
732
replies
Sage HRMS Training
139
topics
97
replies
Jason Adams

Why is MSXML4.dll still used yet it is end of life?

Posted By

Hi all,

We've been using Sage for awhile and our team loves it.

I am the sys admin for a local health department.

We're running security audits and scans and one of the major critical flags we're seeing is the existence and use of "MSXML 4" which has been EOL for a very long time.

I've been doing some research and so far the only application I've been able to trace back to using this is Sage.

Anyone know why Sage continues to use such an outdated version of MSXML? I even see that it is apart of the installation. If I remove the file, Sage will reconfigure itself and reinstall the file.

Clearly it is a vulnerability. Is this something Sage could address?

Not sure what channel to go through on this, so I figured I would reach out to the community.

Thanks!

-Jason

Parents

  • Hello Jason, 

    We are running into the same exact issue with MSXML parser version 4.0; even after upgrading to HRMS 10.7*.

    We attempted to remove 2 versions of MSXML 4.0; however, Sage HRMS stopped working completely.

    The program would launch and attempt to repair itself by downloading and running the Sage HRMS Client immediately after signing in. 

    This resulted in a perpetual cycle of repeat failures; even with local and domain admin rights. 

    The only way I could get HRMS 10.7* to run again was to put BOTH versions of MSXML parser 4.0 back.

    I was told to use the Sage City forums for a resolution but... 5 months of no reply is very disheartening.

    Please let me know if you were able to work around this issue?

    -JZiggy80

  • in reply to JZiggy80

    Unfortunately, we have not found a solution to this at all. I had sent in a support request to Sage themselves, but never received a response :(. 

  • in reply to Jason Adams

    I put in 2 different requests and received feedback saying to update from 10.6 to 10.7 to resolve this issue. Unfortunately, that turned out to be false. I was pointed towards the forums during my last call with Sage HRMS support for a final solution/reply from an engineer. When I noticed your 5 month old post was referencing the exact same scenario with no response, my hopes diminished immediately. Last hope is via my 1 remaining ticket request for more information regarding what the parser is used for specifically. Then again, even if I find out... it's just to affirm the negative.

    I hope someone views our replies and activity, putting effort into researching this further.

  • in reply to Jason Adams

    I've recently heard rumor of a 4th Quarter patch that will remove the MSXML parser 4.0. After calling the technical support to verify, I reached a representative that did confirm this update is coming and will NOT have MSXML parser 4.0. Unfortunately we will have to wait and see.

Reply
  • in reply to Jason Adams

    I've recently heard rumor of a 4th Quarter patch that will remove the MSXML parser 4.0. After calling the technical support to verify, I reached a representative that did confirm this update is coming and will NOT have MSXML parser 4.0. Unfortunately we will have to wait and see.

Children
  • in reply to JZiggy80

    This problem is only getting worse for us. Nearly every week there are updates whether Microsoft or third party that are removing the xml 4 parser because it is obsolete and it keeps causing the Sage users to go through the reconfiguring each time they launch Sage.

    Have you by chance received any more information about this? I really do hope they can get this yanked out on the next update, that would be awesome.

*Community Hub is the new name for Sage City