[CSN-5779] Implement a quick fix for Log4J vulnerability in HC - Jira

XML

Word

Printable

Details

Type: Story
Status: Resolved
Priority: Critical
Resolution: Fixed
Affects Version/s: chat 3.15.6
Fix Version/s: chat 3.15.7
Component/s: CCM, communication server, MRE
Labels:
- DevOps
- hybrid-chat

Account:
International Projects (InternationalProjects)
Epic Link:
Log4J vulnerability

Description

Vulnerability

The CVE-2021-442288 vulnerability was found in the following Java-based components in HC:

CCM
Communication Server
Routing Engine

Implementation

This vulnerability is caused by Log4J2 in versions older than 2.15.0. It is recommended to update the Log4J2 library to at least ≥ 2.16.0 which resolves the following two vulnerabilities:

CVE-2021-44228 - Critical
CVE-2021-45056 - Low

Attachments

Activity

People

Assignee:: Awais Aslam

Reporter:: Jawad Bokhari

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 16/Dec/21 7:43 PM

Updated:: 17/Dec/21 3:44 PM

Resolved:: 16/Dec/21 7:45 PM