This security update resolves an elevation of privilege vulnerability that exists in Microsoft SharePoint. To learn more about the vulnerability, see Microsoft Common Vulnerabilities and Exposures CVE-2019-1330.
Note To apply this security update, you must have the release version of Microsoft SharePoint Server 2019 installed on the computer.
Improvements and fixes
This security update contains improvements and fixes for the following nonsecurity issues:
- A crawl of content that has many links fails because the number of links exceeds the maximum allowable. After multiple failures, the search index entries for the content are deleted unexpectedly. After this update is applied, you can set the maximum number of links to be sent to the index by using the ContentPIMaxNumLinks property.
For example, you can run the following PowerShell commands in the SharePoint 2019 Management Shell to set ContentPIMaxNumLinks to 10000:
$ssa = Get-SPEnterpriseSearchServiceApplication
- When you select View Installed Updates in the Windows Control Panel, you see the most recently installed SharePoint Server 2019 Public Updates listed. However, the version number of these updates isn't displayed in the Version column. After you install this update, the version number of these updates is displayed.
- Search and Distributed Cache servers in a MinRole farm that have custom web templates display "Upgrade Required" after you run an in-place build-to-build upgrade. After this update is applied, the servers display "No Action Required."
- When you access a classic Team site and open the browser's developer console, you see an error message that states "CSS3111: @font-face encountered unknown error. Office365Icons.eot." After you install this update, there is no error.
- Fixes an issue in which the stage status information text contains special characters such as an ampersand (&), workflows fail.
- Makes changes to display the new Japanese era name for date format samples in Date Format in Project Web App (PWA) sites.
- You can now update a task dependency lead and lag time by using the LinkLagDuration property through the client-side object model (CSOM). Similar to other duration properties (such as the Task.Duration property in the Task Object), it excepts either a string or an integer value. For example, either 1d or 480 is acceptable to indicate one day of work.
- The CalendarException.RecurrenceWeek property returns wrong values for calendar exceptions through the client-side object model (CSOM).
- When the Schedule Variance Percentage (SVP) earned value becomes very large, an overflow condition occurs. This may cause either abnormal SVP values within Project Web App (PWA) project views or the view may fail to load. The SVP value now has a lower limit of "-100%" and upper limit of "100%".
How to get and install the update
Method 1: Microsoft Update
This update is available from Microsoft Update. When you turn on automatic updating, this update will be downloaded and installed automatically. For more information about how to get security updates automatically, see Windows Update: FAQ.
Method 2: Microsoft Update Catalog
To get the standalone package for this update, go to the Microsoft Update Catalog website.
Method 3: Microsoft Download Center
You can get the standalone update package through the Microsoft Download Center. Follow the installation instructions on the download page to install the update.
Security update deployment information
For deployment information about this update, see security update deployment information: October 8, 2019.
Security update replacement information
This security update replaces previously released security update 4475596.
File hash information
|File name||SHA1 hash||SHA256 hash|
The English (United States) version of this software update installs files that have the attributes that are listed in the following table. The dates and times for these files are listed in Coordinated Universal Time (UTC). The dates and times for these files on your local computer are displayed in your local time together with your current daylight saving time (DST) bias. Additionally, the dates and times may change when you perform certain operations on the files.