Official Security Patch Release

E-COLOGY Security Patches

Includes full security updates for EC10.0 / 9.0 / 8.0 / 7.0
Critical Prerequisites

1. Password Security: Periodically update passwords. Ensure complexity (13+ characters, mixed case, numbers, and special characters; avoid predictable patterns).

2. Port Protection: Strictly prohibit exposing remote desktop ports (e.g., 3389, 22) to the internet. Only open necessary ports (e.g., 80, 89, 8088).

3. Data Backup: Perform off-site and cross-media backups (Application + Database) before upgrading.

4. Custom Development: If the system has significant secondary development, verify patches in a test environment first.

Cumulative Security PatchesFor new deployments or major upgrades
Official Version: v20250925
E10

E-cology 10.0

Latest security patch for E10 products. Please verify the version before downloading.

Updated: 2025-09-25

MD5 Checksum Download Now
Official Version: v10.79
E9

E-cology 9.0

Latest cumulative security patch for E9 products. Please verify the version before downloading.

Updated: 2025-09-25

MD5 Checksum Download Now
Official Version: v10.79
E8

E-cology 8.0

Latest cumulative security patch for E8 products. Please verify the version before downloading.

Updated: 2025-09-25

MD5 Checksum Download Now
Official Version: v6.51
E7

EC 7.0 and below

Latest security patch for EC7.0 and legacy products. Please verify the version before downloading.

Updated: 2024-09-10

MD5 Checksum Download Now
Incremental Updates & Security Components
EC 9.0 Incremental Security Patch
E9 ONLY

E9 Exclusive Incremental Patch. Please verify the version.

Updated: 2025-09-25

Based on v10.56 Download
MD5 Download
Based on v10.78 Download
MD5 Download
EC 8.0 Incremental Security Patch
E8 ONLY

E8 Exclusive Incremental Patch. Please verify the version.

Updated: 2025-09-25

Based on v10.56 Download
MD5 Download
Based on v10.78 Download
MD5 Download
IP Blacklist Library
v10.11

Blocks known malicious IP sources. Universal rules for E7 / E8 / E9.

Updated: 2025-07-02

Download Ruleset Download
MD5 Download
Configuration & Deployment
Doc

Includes installation manuals for security patches and system operation security recommendations.

Updated: 2022-07-16

Config Manual Security Advise
Update History
2025-09-25
v10.79
182. Fixed newly discovered security issues.
2025-07-21
v10.78
181. Fixed newly discovered security issues.
2025-07-15
v10.77
180. Fixed newly discovered security issues.
2025-07-04
v10.76
179. Fixed newly discovered security issues.
2025-07-02
v10.75/v10.11
178. Added malicious IPs to the blacklist based on threat intelligence from July 1st.
View full history > | Download Historical Patches >
Prerequisites

1. Before Upgrading: Check for residual OA security patches as per documentation. If found, remove them accordingly.

2. Guides: Upgrade Guide | Domestic OS Upgrade Guide | Domestic OS Troubleshooting

E-Mobile 7 Platform & Security Patches
v20250928
EM7

E-Mobile 7 Security Patch

Latest security patch for EM7 products. Please verify the version.

Updated: 2025-09-28

MD5 Checksum Download Now
v1.7
EM6

EMobile 4-6 Security Patch

Latest security patch for EM4-6 products. Please verify the version.

Updated: 2024-07-25

MD5 Checksum Download Now
Update History
2025-09-25
Patch
Cumulative functional updates for E-Mobile 7, optimized for Domestic Innovation (Xinchuang) environments, improved stability.
2025-09-24
  • SecurityFixed XSS vulnerabilities.
2025-08-18
  • FixResolved known issues.
2025-08-13
  • FixResolved known issues.
  • NewAdded client download records.
2025-08-08
  • FixFixed DingTalk push notification anomalies.
View full history >
Update History
2024-07-25
v1.7
Released security patch v1.7, fixed EMobile6 installOperate SSRF vulnerability.
2023-08-21
v1.6
Released security patch v1.6, fixed EMobile backend management security vulnerabilities.
2021-07-13
v1.5
Released security patch v1.5, fixed workflow submission interception and mobile modeling function failures.
2021-06-29
v1.4
Released security patch v1.4, fixed issues where OCR invoice recognition was intercepted.
2021-06-23
v1.3
Released security patch v1.3, enhanced EMobile security protection.
View full history >
Critical Prerequisites

1. Dependencies: The Message Server (Private Cloud) MUST be used with Redis.

2. Procedure: When upgrading, STOP the e-message service first, overwrite files, then restart.

3. Status Check: Log in to the Console (9090) -> Features -> Server -> Online Status to verify Redis connection.

4. Compatibility: Private cloud customers should check E-Mobile client version compatibility when applying server patches.

Message Private Cloud Server
v20250924
EMs

E8 Private Cloud Server Update

Updated: 2025-09-24

MD5 Checksum Download Now
Update History
2025-09-24
1. Fixed improper authentication vulnerability in emessage allowing unauthorized user account creation.
2023-03-10
1. EM6 supports cloud push notification.
2022-09-23
1. Fixed service vulnerabilities.
2. Optimized Huawei Push.
3. Other optimizations and fixes.
2022-05-23
1. Upgraded fastjson to version 1.2.83.
2022-05-16
1. Fixed arbitrary file download vulnerability.
2. Other optimizations and fixes.
View full history >
Critical Prerequisites

Scope: This patch applies to ANY version of the E-Bridge system.

Fixes: Focuses on arbitrary file upload vulnerabilities and other high-risk hazards.

E-Bridge Security Patch
v20240725
EB

E-Bridge Universal Security Patch

Updated: 2024-07-25

MD5 Checksum Download Now
Update History
2023-11-14
Fixed Shiro vulnerabilities.
2023-08-21
Fixed E-Bridge security vulnerabilities.
2023-07-24
Fixed Shiro vulnerabilities.
2023-05-04
1. Fixed Shiro vulnerabilities.
2. Fixed SQL injection vulnerability after login.
2023-01-29
1. Fixed arbitrary file upload vulnerability after login.
2. Fixed other known vulnerabilities.
View full history >
Critical Prerequisites

1. Scope: This page includes upgrades for E10 Operations Platform and Operations Platform 3.0 (Ecology). Please select according to your version.

2. E10 Upgrade: Applicable to both standard and Domestic Innovation (Xinchuang) environments. Customers with E10 Operations Platform deployed should follow the Upgrade Guide.

3. E9.0 Upgrade: For Operations Platform 2.0, no need to stop or uninstall. Install the 3.0 patch directly for security upgrades. See Upgrade Guide.

E10 Operations Platform & E9 Operations Platform
v20251120
E10

E10 Operations Security Patch

Updated: 2025-11-20

MD5 Checksum Download Now
v3.0.45
E9

E9 Operations Security Patch

Updated: 2025-07-14

MD5 Checksum Download Now
Update History
2023-01-15
v5.0.1
1. Optimized system information display.
2. Configuration management now supports modifying all config info.
3. Optimized pre-upgrade validation logic.
2022-12-26
v5.0.0
1. Added version verification for platform updates.
2. Added two password parameters for Mongo installation.
3. Optimized EM message push.
Update History
2025-03-04
v3.0.45
1. Fixed occasional connection leaks caused by upgrades.
2. Fixed occasional empty download logs.
3. Fixed occasional missing data in performance lists.
4. Other optimizations and security upgrades.
Critical Prerequisites

1. High Risk Warning: Customers with E-Search deployed MUST apply this security patch.

2. Data Backup: Backup E-Search before upgrading to prevent data loss in case of failure.

3. Port Protection: It is recommended to close internet access for the following E-Search ports: 8099, 2098, 8090, 9300, 20981.

E-Search Security Patch
v1.03
ES1.0

E-Search 1.0 Security Patch

Fixed Log4j2 and other security vulnerabilities.

Updated: 2021-06-23

MD5 Checksum Download Now
v1.08
ES2.0

E-Search 2.0 Security Patch

Fixed Log4j2 Remote Code Execution (RCE) vulnerability.

Updated: 2022-07-31

MD5 Checksum Download Now
v2.18.0
ES

ElasticSearch Security Patch

Official Version: 2.18.0.
Fixed component vulnerabilities.

Updated: 2022-07-31

MD5 Checksum Download Now
Doc
DOC

Restart Operation Guide

Guide for restarting E-Search & ElasticSearch.

Download Now
Update History
2022-07-31
v1.08/v2.18.0
1. Fixed Log4j2 remote code execution vulnerability in E-Search; upgraded jar package to version 2.18.0.
2. Fixed Log4j2 remote code execution vulnerability in E-Search component ElasticSearch.
2021-12-30
v1.07/v2.17.1
Fixed Log4j2 RCE vulnerability in E-Search program and ES component; upgraded to version 2.17.1.
2021-12-20
v1.06/v2.17.0
Fixed DOS denial of service attack vulnerability; upgraded Log4j to version 2.17.0.
2021-12-14
Fixed remote code execution vulnerability; upgraded Log4j to version 2.16.0.
2021-12-10
Fixed remote code execution vulnerability; upgraded Log4j to version 2.15.0-rc2.
View full history >