A critical vulnerability in Apache Log4j impacting versions from 2.0-beta to 2.14.1 has been publicly disclosed. The vulnerability has been assigned the identifier CVE-2021-44228.
Enterprise Service Infrastructure (ESI) has been identified as a potentially exposed component. ESI is installed in addition to Spider to use the Spider OneSearch functionality. Spider instances using OneSearch (which therefore rely on ESI) have a search bar in the upper right corner.
Spider itself is not affected if OneSearch/ESI is not used. Unless Spider is using OneSearch and ESI is not installed, no action is required.
A new update has been released for Spider. This update switches off the OneSearch functionality, if used. Furthermore, the setup checks whether Enterprise Service Infrastructure (ESI) is installed on the server. There are no other changes with in this release.