more detailed info about CVE
shawnmckinney committed Dec 13, 2021
1 parent 31e9f34 commit 6f255f086c5a91e51add0a2c68c65013774e4832
Showing 1 changed file with 8 additions and 7 deletions.
@@ -8,15 +8,16 @@ title: News

The Apache Directory Project announces the release of Fortress - 2.0.7.

This emergency release includes an upgrade to the latest Log4j library, v2.15.0. This is our response to [CVE-2021-44228](http://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-44228).
This emergency release includes an upgrade to the latest Log4j-core library. This is our response to [CVE-2021-44228](http://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-44228).

It also includes dependency upgrades for Web and Rest deployments to be up-to-date per the latest OWASP vulnerability scans and a couple of other bug fixes.
It also includes other dependency upgrades (to latest Spring Security, Apache CXF and Apache Wicket) for Web and Rest dependencies to be up-to-date per the latest OWASP vulnerability scans and a couple of other misc bug fixes.

If using Apache Fortress 2.0.6, in any of your deployments, it is highly recommended moving to this release. Or, following the other mitigation procedures surrounding this CVE.

Previous version of Fortress, before 2.0.6, used Log4j v1, and aren't impacted.

Contact us on our mailing list if you have any questions.
More info about the Log4Shell vulnerability and Apache Fortress:
- If using the Apache Fortress Core 2.0.6, no need to upgrade. It does pull in the Apache Log4j-core lib, but only as a test dependency.
- Dependent apps of the Apache Fortress Core 2.0.6 do not need to upgrade because it does not pull in the Log4j-core lib as a compile or runtime dependency.
- Apache Fortress 2.0.6 Web (Commander) and Rest (Enmasse) deployments are affected. Upgrade immediately, or follow the mitigation procedures as described by the Apache Log4J project.
- Previous versions of Apache Fortress, before 2.0.6, did not use Apache Log4j and aren't affected.
- Contact us on our mailing list if you have any questions.

The Release notes:
