...

Note: Regarding Metabase

Metabase includes Log4j and is vulnerable to CVE-2021-44228. As a first fix, we update to Metabase 0.40.7 (which includes Log4j 2.15.0 and protects against the remote code execution exploit). Releases with this fix can be found in the left part of the table above.

The more recently discovered CVE-2021-45046 requires Log4j 2.16.0, for which no Metabase release is available yet.
However, this newer CVE is far less critical, and according to the Metabase developers, Metabase should not even be affected by it. Still, we are waiting for a new Metabase version and will create new releases once it is available, just to be as safe as possible.

If you are uncomfortable with the unofficial Metabase developer statement regarding CVE-2021-45046, you can manually turn off Metabase for now:

  • Connect to the appliance with SSH or PuTTY
  • For GreenLight:

    docker stop gl_metabase
  • For OfficeExpert and iDNA Applications:

    docker stop panagenda_metabase
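
To confirm that the stop took effect, the following added example (not vendor tooling) wraps the two commands above in a check of the container state and restart policy. The function names are hypothetical, and it assumes the docker CLI is available in the SSH session, as the commands above imply.

```shell
#!/bin/sh
# Added example, not vendor tooling. The two container names are the ones on this page.
METABASE_CONTAINERS="gl_metabase panagenda_metabase"

# Print "running", "stopped" or "absent" for one container name.
container_state() {
    running=$(docker inspect -f '{{.State.Running}}' "$1" 2>/dev/null) || {
        echo absent
        return 0
    }
    if [ "$running" = "true" ]; then echo running; else echo stopped; fi
}

# Print the container's restart policy name (for example "no" or "always").
restart_policy() {
    docker inspect -f '{{.HostConfig.RestartPolicy.Name}}' "$1" 2>/dev/null
}

# Stop whichever Metabase container exists here, then confirm the result.
# Returns 0 when no Metabase container is left running, 1 otherwise.
stop_metabase() {
    rc=0
    for name in $METABASE_CONTAINERS; do
        state=$(container_state "$name")
        if [ "$state" = "absent" ]; then continue; fi
        if [ "$state" = "running" ]; then
            docker stop "$name" >/dev/null
            state=$(container_state "$name")
        fi
        policy=$(restart_policy "$name")
        echo "$name: $state (restart policy: ${policy:-none})"
        if [ "$state" = "running" ]; then rc=1; fi
        # With "always", Docker starts a manually stopped container again
        # when the daemon (or the host) restarts.
        if [ "$policy" = "always" ]; then
            echo "$name: re-check after a Docker or host restart" >&2
        fi
    done
    return "$rc"
}

# Usage on the appliance: stop_metabase
```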

...