
Spider 6.4.5-R7 - Hotfix Release, Log4j in OneSearch, Date: December 17, 2021

jborchers
Moderator

Spider 6.4.5-R7 update is available

Release Date: 2021-12-17

 

A critical vulnerability in Apache Log4j impacting versions from 2.0-beta to 2.14.1 has been publicly disclosed. The vulnerability has been assigned the identifier CVE-2021-44228.

Enterprise Service Infrastructure (ESI) has been identified as a potentially exposed component. ESI is installed in addition to Spider to use the Spider OneSearch functionality. Spider instances using OneSearch (which therefore rely on ESI) have a search bar in the upper right corner.

Spider itself is not affected if OneSearch/ESI is not used. If Spider is not using OneSearch and ESI is not installed, no action is required.

A new update has been released for Spider. This update switches off the OneSearch functionality, if used. Furthermore, the setup checks whether Enterprise Service Infrastructure (ESI) is installed on the server. There are no other changes in this release.

For further information, the details are summarized in the knowledge base article: 
https://community.flexera.com/t5/Spider-Knowledge-Base/Apache-Log4j-remote-code-execution-vulnerability-CVE-2021-44228/ta-p/217299

 

Director Product Management Hamburg, Germany