Wiki source code of eMagiz Runtime - 5.0.4
Last modified by Erik Bakker on 2023/01/23 13:55
Show last authors
| author | version | line-number | content |
|---|---|---|---|
| 1 | Fourth maintenance release in the eMagiz 5.0.x line. This release fixes Log4J security vulnerabilities CVE-2021-44228 and CVE-2021-45046. | ||
| 2 | |||
| 3 | Find out more in our [[Release blog>>Main.Release Information.Release Blogs.Apache Log4J vulnerability patch - Release blog.WebHome||target="blank"]]. | ||
| 4 | |||
| 5 | |||
| 6 | ===== Bug Fixes ===== | ||
| 7 | |||
| 8 | * Updated OPS4J Pax Logging version 1.10.1 to version 1.11.11. Internally this uses Apache Log4j 2, which is updated from version 2.8.2 to 2.16.0 in this release. This fixed the following two security vulnerabilities: | ||
| 9 | ** [[CVE-2021-44228 (CVSS score 10.0 - Critical)>>https://nvd.nist.gov/vuln/detail/CVE-2021-44228||target="blank"]] | ||
| 10 | ** [[CVE-2021-45046 (CVSS score 3.7 - Low)>>https://nvd.nist.gov/vuln/detail/CVE-2021-45046||target="blank"]] |