Customer Portal

Introducing Lumada DataOps Suite

Innovate with Data: Lumada simplifies data management with automation and collaboration.

With Lumada, you can: Gain 360-degree views of your customers, products and assets.

Streamline your business operations and take out cost, and meet stringent compliance demands.

VFS Connections Vulnerability - Pentaho – Impacted


Customers who have installed Pentaho through and are using virtual file system (VFS) connections with Google Cloud Storage, Snowflake Staging, HCP, and Amazon S3 should immediately change their credentials with those storage systems.

The Pentaho versions affected are through

Issue Description

We have identified a product defect in Pentaho through that has the potential to display encrypted VFS credentials in job (KJB) and transformation (KTR) files. Because KJB and KTR files can be emailed or sent in other ways to recipients who are not part of the customer organization, this defect may cause the inadvertent distribution of VFS credentials.

Although passwords are encrypted in Pentaho, customers should not rely only on this encryption to protect their VFS credentials.

This defect is being addressed in a future Service Pack update, and customers requiring assistance now may contact Support for a JAR update hot fix. In addition, we are prototyping a tool that can sanitize KJB and KTR files that may have been affected by this issue.

The defect is related to named VFS connections, and may be mitigated now by changing credentials with the VFS storage systems.


  • Change your credentials with your VFS storage system.
  • In addition, we recommend using AES encryption for passwords. Customers who have not already implemented AES encryption can find instructions in the Pentaho documentation at AES security.



If you need assistance or have questions, please contact Support through the Support Portal.