| ... |
... |
@@ -1,9 +1,12 @@ |
| 1 |
1 |
{{info}} |
|
2 |
+ |
|
3 |
+The {{formcycle/}} Versions 7.0.0 through 7.0.11 contain a version of the Spring Framework that contains the [[CVE-2022-22965>>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22965]] vulnerability disclosed on April 01st, 2022. |
|
4 |
+The {{formcycle/}} Versions 7.0.0 through 7.0.6 use a version of Log4j that contains the [[CVE-2021-44228>>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228]] vulnerability disclosed on December 10th, 2021. |
|
5 |
+The {{formcycle/}} versions 7.0.0 through 7.0.7 use a version of Log4j that contains the [[CVE-2021-45046>>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45046]] vulnerability disclosed on December 14th, 2021. |
|
6 |
+The {{formcycle/}} versions 7.0.0 through 7.0.8 use a version of Log4j that contains the [[CVE-2021-45105>>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45105]] vulnerability disclosed on December 18th, 2021. |
|
7 |
+The {{formcycle/}} versions 7.0.0 through 7.0.9 use a version of Log4j that contains the [[CVE-2021-44832>>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44832]] vulnerability disclosed on December 11th, 2021. |
| 2 |
2 |
|
| 3 |
|
-The {{formcycle/}} Versions 7.0.0 through 7.0.6 use a version of Log4j that contains the [[CVE-2021-44228>>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228]] vulnerability disclosed on 12/10/2021. |
| 4 |
|
-The {{formcycle/}} versions 7.0.0 through 7.0.7 use a version of Log4j that contains the [[CVE-2021-45046>>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45046]] vulnerability disclosed on 12/14/2021. |
| 5 |
|
- |
| 6 |
|
-Currently, we are not aware of any scenario where these vulnerabilities in {{formcycle/}} can be exploited. **We still recommend to upgrade to {{formcycle/}} [[Version 7.0.8>>doc:Blog.FORMCYCLE 708.WebHome]], which uses a new version of Log4j that no longer contains these vulnerabilities.** |
|
9 |
+Currently, we are not aware of any scenario where these vulnerabilities in {{formcycle/}} can be exploited. **We still recommend to upgrade to {{formcycle/}} [[Version 7.0.12>>doc:Blog.WebHome]], which use a new version of Log4j and the Spring Framework that no longer contain these vulnerabilities.** |
| 7 |
7 |
{{/info}} |
| 8 |
8 |
|
| 9 |
9 |
{{info}} |
| ... |
... |
@@ -18,7 +18,7 @@ |
| 18 |
18 |
|
| 19 |
19 |
When using servlet containers other than Apache Tomcat, please consult the documentation for that servlet container for the location at which this parameter can be passed. |
| 20 |
20 |
|
| 21 |
|
-If an upgrade to the latest {{formcycle/}} version is not possible, mitigation of __CVE-2021-45046__ is only necessary if logpatterns containing [[affected configurations>>https://logging.apache.org/log4j/2.x/security.html]] have been manually configured. In this case, the corresponding patterns should be removed. |
|
24 |
+If an upgrade to the latest {{formcycle/}} version is not possible, mitigation of __CVE-2021-45046__ & __CVE-2021-45105__ is only necessary if logpatterns containing [[affected configurations>>https://logging.apache.org/log4j/2.x/security.html]] have been manually configured. In this case, the corresponding patterns should be removed. |
| 22 |
22 |
{{/info}} |
| 23 |
23 |
|
| 24 |
24 |
{{content/}} |
