Differences
This shows you the differences between two versions of the page.
Both sides previous revisionPrevious revisionNext revision | Previous revisionLast revisionBoth sides next revision | ||
general:secadv-2021-01 [2021/12/22 13:26] – emr | general:secadv-2021-01 [2024/02/13 17:16] – [Windows] emr | ||
---|---|---|---|
Line 1: | Line 1: | ||
- | ====== Security Advisory 2021-01 [UPDATED] ====== | + | ====== Security Advisory 2021-01 [LAST UPDATED |
===== Summary ===== | ===== Summary ===== | ||
Line 8: | Line 8: | ||
2021-12-13 | 2021-12-13 | ||
- | Updated to announce fixed software versions on 2021-12-16 and 2021-12-22 | + | Updated to announce fixed software versions on 2021-12-18, 2021-12-22, and 2021-12-28 |
===== Affected Versions ===== | ===== Affected Versions ===== | ||
Line 25: | Line 25: | ||
If you see indications of unauthorized usage, please contact [[security-alerts@methodpark.com|]] immediately. | If you see indications of unauthorized usage, please contact [[security-alerts@methodpark.com|]] immediately. | ||
+ | |||
+ | Update for log4j 2.17.0 vulnerability RCE CVE-2021-44832 from 2021-12-28: Stages does not use log4j in the described configuration, | ||
===== Resolution ===== | ===== Resolution ===== | ||
Line 63: | Line 65: | ||
==== Windows ==== | ==== Windows ==== | ||
- | Start a command line interface with administrative permissions: | + | Start a command line interface with administrative permissions. |
- | + | ||
- | [[https:// | + | |
Navigate to your Stages installation via the " | Navigate to your Stages installation via the " | ||
- | Edit <font 11.0pt/ | + | Edit < |
+ | <code -> | ||
set JAVA_OPTS=-XX: | set JAVA_OPTS=-XX: | ||
- | |||
</ | </ | ||
- | Add the parameter " | + | Add the parameter " |
- | < | + | < |
[...] | [...] | ||
# log4j 2 | # log4j 2 | ||
Line 84: | Line 84: | ||
-Dlog4j2.formatMsgNoLookups=true | -Dlog4j2.formatMsgNoLookups=true | ||
[...] | [...] | ||
- | |||
</ | </ | ||
- | Navigate to <font 11.0pt/ | + | Navigate to < |
Restart both the " | Restart both the " | ||
- | **<font inherit/ | + | **IMPORTANT: |
===== Note ===== | ===== Note ===== |