Product Shortcuts

OfficeExpert

MarvelClient

iDNA Applications

ConnectionsExpert

SecurityInsider

Versions Compared

Old Version 31

changes.mady.by.user markus sablatnig [panagenda]

Saved on

compared with

New Version 32

changes.mady.by.user markus sablatnig [panagenda]

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

1) See info box "Regarding Metabase" above the tablebelow


Note
titleRegarding Metabase

Metabase includes Log4j and is vulnerable to CVE-2021-44228. For a first fix we update to Metabase 0.40.7 (which includes Log4j 2.15.0 and protects from the remote code execution exploit).

The more recently discovered CVE-2021-45046 requires Log4j 2.16.0 for which no Metabase release is available yet. 
However: this newer CVE is far less critical, and according to Metabase developers it should not even be affected by it. Still, we are waiting for a new Metabase version and will create new releases once it is available just to be as safe as possible.

If you are uncomfortable with CVE-2021-45046, you can manually turn off Metabase for now:

  • Connect to the appliance with ssh or putty

  • For GreenLight:

    Code Block
    docker stop gl_metabase

  • For OfficeExpert and iDNA Applications:

    Code Block
    docker stop panagenda_metabase

...