A new update is available for SAS Fraud Management , version 6.2_M1 :
- Hot Fix: R3P001 - Published 26MAR2026 , Download link for R3P001
- Component name: SAS Fraud Management
- Related SAS release: SAS 9.4
Issues addressed in R3P001
| KB0043638 | SAS® Fraud Management contains an Insecure Direct Object Reference (IDOR) vulnerability |
| KB0044720 | The search feature on the "Rules" tab does not find rules that contain the word "state |
| KB0044721 | SAS® OnDemand Decision Engine creates excessive keep-alive monitor threads in environments with high transactions per second (TPS) values |
| KB0044722 | The SAS® OnDemand Decision Engine log file contains many "...ERROR ClusterSAS Unknown deploymentId: 0.5 Closing channel..." messages |
| KB0044723 | Rules disappear after you move them from Testing to Coding when the deploy_testing_rules_ind property is "true |
| KB0044724 | The protobuf-java version that SAS® Fraud Management uses is not current |
| KB0044727 | SAS® OnDemand Decision Engine does not recover the connectors after a Multi-Entity History (MEH) database outage on Redis systems |
| KB0044851 | SAS® Rules Studio does not support null arguments for the KCOMPRESS, COMPRESS, and SCAN functions |
| This list of notes might be incomplete. For a complete list of issues addressed by this hot fix, visit the hot fix page for R3P001 |
Note: A comprehensive list of all SAS hot fixes is available from support.sas.com. You can use the SAS Hot Fix Analysis, Download, and Deployment (SASHFADD) tool to manage your SAS hot fixes.
