| ... |
... |
@@ -2,6 +2,7 @@ |
| 2 |
2 |
|
| 3 |
3 |
The {{formcycle/}} Versions 7.0.0 through 7.0.6 use a version of Log4j that contains the [[CVE-2021-44228>>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228]] vulnerability disclosed on 12/10/2021. |
| 4 |
4 |
The {{formcycle/}} versions 7.0.0 through 7.0.7 use a version of Log4j that contains the [[CVE-2021-45046>>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45046]] vulnerability disclosed on 12/14/2021. |
|
5 |
+The {{formcycle/}} versions 7.0.0 through 7.0.8 use a version of Log4j that contains the [[CVE-2021-45105>>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45105]] vulnerability disclosed on 12/18/2021. |
| 5 |
5 |
|
| 6 |
6 |
Currently, we are not aware of any scenario where these vulnerabilities in {{formcycle/}} can be exploited. **We still recommend to upgrade to {{formcycle/}} [[Version 7.0.8>>doc:Blog.FORMCYCLE 708.WebHome]], which uses a new version of Log4j that no longer contains these vulnerabilities.** |
| 7 |
7 |
{{/info}} |
| ... |
... |
@@ -18,7 +18,7 @@ |
| 18 |
18 |
|
| 19 |
19 |
When using servlet containers other than Apache Tomcat, please consult the documentation for that servlet container for the location at which this parameter can be passed. |
| 20 |
20 |
|
| 21 |
|
-If an upgrade to the latest {{formcycle/}} version is not possible, mitigation of __CVE-2021-45046__ is only necessary if logpatterns containing [[affected configurations>>https://logging.apache.org/log4j/2.x/security.html]] have been manually configured. In this case, the corresponding patterns should be removed. |
|
22 |
+If an upgrade to the latest {{formcycle/}} version is not possible, mitigation of __CVE-2021-45046__ & __CVE-2021-45105__ is only necessary if logpatterns containing [[affected configurations>>https://logging.apache.org/log4j/2.x/security.html]] have been manually configured. In this case, the corresponding patterns should be removed. |
| 22 |
22 |
{{/info}} |
| 23 |
23 |
|
| 24 |
24 |
{{content/}} |
