Differences
This shows you the differences between two versions of the page.
general:secadv-2021-01 [2021/12/22 13:25] – emr | general:secadv-2021-01 [2024/02/15 00:00] (current) – external edit 127.0.0.1 | ||
---|---|---|---|
Line 1: | Line 1: | ||
- | ====== Security Advisory 2021-01 [UPDATED] ====== | + | ====== Security Advisory 2021-01 [LAST UPDATED |
===== Summary ===== | ===== Summary ===== | ||
Line 8: | Line 8: | ||
2021-12-13 | 2021-12-13 | ||
- | Updated to announce fixed software versions on 2021-12-16 and 2021-12-22 | + | Updated to announce fixed software versions on 2021-12-18, 2021-12-22, and 2021-12-28 |
===== Affected Versions ===== | ===== Affected Versions ===== | ||
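Review bot: On the "Updated to announce fixed software versions" line, the first date is changed from 2021-12-16 to 2021-12-18 instead of the new 2021-12-28 date simply being appended, so the update that the previous revision recorded for 2021-12-16 disappears from the advisory. If 2021-12-16 was a typo, say so in the edit summary; otherwise keep it in the list so customers who acted on that earlier update can still match it against what they installed.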
Line 25: | Line 25: | ||
If you see indications of unauthorized usage, please contact [[security-alerts@methodpark.com|]] immediately. | If you see indications of unauthorized usage, please contact [[security-alerts@methodpark.com|]] immediately. | ||
+ | |||
+ | Update for log4j 2.17.0 vulnerability RCE CVE-2021-44832 from 2021-12-28: Stages does not use log4j in the described configuration, | ||
===== Resolution ===== | ===== Resolution ===== | ||
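Review bot: The added CVE-2021-44832 paragraph sits directly under the "indications of unauthorized usage" contact line and above Resolution, so it reads as part of the incident-reporting guidance rather than as an exposure statement. Suggest moving it next to Affected Versions or giving it its own subheading. The opening "Update for log4j 2.17.0 vulnerability RCE CVE-2021-44832 from 2021-12-28" is also hard to parse; "Update from 2021-12-28 regarding CVE-2021-44832 (RCE in log4j 2.17.0)" puts the date and the identifier where a reader scanning for them expects them.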
Line 33: | Line 35: | ||
The issue has already been resolved on all Stages Cloud instances. There is no further action required for customers that use Stages Cloud / Stages as a Service. | The issue has already been resolved on all Stages Cloud instances. There is no further action required for customers that use Stages Cloud / Stages as a Service. | ||
+ | |||
+ | ===== Mitigation ===== | ||
If you are unable to upgrade your server instances immediately, | If you are unable to upgrade your server instances immediately, | ||
Line 38: | Line 42: | ||
==== Linux ==== | ==== Linux ==== | ||
- | Add the parameter " | + | Add the parameter " |
CONF_JAVA_OPTS=" | CONF_JAVA_OPTS=" | ||
Line 44: | Line 48: | ||
</ | </ | ||
- | Add the parameter " | + | Add the parameter " |
<code level1> | <code level1> | ||
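Review bot: The Linux block keeps its `<code level1>` opener as unchanged context, while the Windows block in this same revision is cleaned up to `<code ->`. `level1` looks like import residue rather than a language name, so use the same opener in both sections. That way the two parameter listings render identically and administrators copying the option do not have to wonder whether the difference is significant.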
Line 61: | Line 65: | ||
==== Windows ==== | ==== Windows ==== | ||
- | Start a command line interface with administrative permissions: | + | Start a command line interface with administrative permissions. |
- | + | ||
- | [[https:// | + | |
Navigate to your Stages installation via the " | Navigate to your Stages installation via the " | ||
- | Edit <font 11.0pt/ | + | Edit < |
+ | <code -> | ||
set JAVA_OPTS=-XX: | set JAVA_OPTS=-XX: | ||
- | |||
</ | </ | ||
- | Add the parameter " | + | Add the parameter " |
- | < | + | < |
[...] | [...] | ||
# log4j 2 | # log4j 2 | ||
Line 82: | Line 84: | ||
-Dlog4j2.formatMsgNoLookups=true | -Dlog4j2.formatMsgNoLookups=true | ||
[...] | [...] | ||
- | |||
</ | </ | ||
- | Navigate to <font 11.0pt/ | + | Navigate to < |
Restart both the " | Restart both the " | ||
- | **<font inherit/ | + | **IMPORTANT: |
===== Note ===== | ===== Note ===== |
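Review bot: The workaround line `-Dlog4j2.formatMsgNoLookups=true` is carried over unchanged, while this revision extends the update dates to 2021-12-28 and adds a statement about CVE-2021-44832 in log4j 2.17.0. Nothing visible in the new Mitigation section says whether this system-property workaround was re-assessed against the later log4j findings the advisory now tracks. Suggest adding one sentence under Mitigation stating up to which date the workaround was reviewed and that upgrading as described under Resolution remains the actual fix. The restart step and the IMPORTANT note should stay directly after the parameter listing, since the option has no effect until both services are restarted.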