21Q4.1

Release date: 17/12/2021

Pack version: 21.4.1

Fixed issues

EPL-103

Upgrade of log4j to version 2.16 to fix vulnerabilities

Error's description In response to the recent security vulnerabilities identified in the Log4j project, an extra recommended action is now advised for users. The primary reasons for this recommendation are as follows:

• Upgrade to Log4j 2.16: The Log4j project security team now strongly recommends updating to version 2.16 for enhanced protection. This version disables the risky "JNDI Lookups" feature, significantly bolstering security. This proactive step provides an additional layer of defense against any potential future vulnerabilities discovered in this area.

• CVE-2021-45046: A new security vulnerability, identified as CVE-2021-45046, has been reported recently. This vulnerability was not covered by the existing recommendations, creating a potential security gap.

For detailed technical information and instructions, please refer to the following resources:

• Apache Log4j security information (for 2.16)
• CVE-2021-45046
• External Analysis and Mitigation Guidance
• Updates on CVE-2021-45046

Affected Version Etendo 21Q4