Page History
...
- ApplicationInsights, ConnectionsExpert, iDNA, and iDNA Applications use some Log4j directly. We will remove Log4j completely to resolve this and reliably prevent any further issues.
- GreenLight, iDNA Applications, and OfficeExpert include Metabase which uses Log4j. We will update the Metabase version in all these products to a safe release.
Overview and Status
Product | CVE-2021-44228 | Fix Status | Fix Release 1) | CVE-2021-45046 | Fix Status | Fix Release 2) | How To Upgrade | ||
---|---|---|---|---|---|---|---|---|---|
ApplicationInsights | vulnerable - fix available | released - Dec 14 | 1.6.3 | vulnerable - fix available | released - Dec 14 | 1.6.3 | Upgrade ApplicationInsights (≥ v1.5.1) | ||
ConnectionsExpert 2.x | vulnerable - fix available | released - Dec 15 | 2.1.3 | vulnerable - fix available | released - Dec 15 | 2.1.3 | Upgrade ConnectionsExpert (> v2.0) | ||
ConnectionsExpert 3.x | vulnerable | in testing | 3.0.2 | vulnerable | in testing | 3.0.2 | Upgrade ConnectionsExpert (> v2.0) | ||
GreenLight | vulnerable - fix available | released - Dec 15 | 4.5.0 | vulnerable - fix available | released - Dec 15 | Upgrading GreenLight - only for >=3.5.x | |||
Metabase potentially vulnerable 3) | waiting for Metabase | 4.5.1 | |||||||
iDNA | vulnerable | in testing | 2.11.1 | vulnerable | in testing | 2.11.1 |
Please contact support - all customers should be migrated to iDNA Applications already. | |||||||||
iDNA Applications | vulnerable - fix available | released - Dec 13 | 2.1.2 | vulnerable - fix available | released - Dec 13 | 2.1.2 | Upgrading iDNA Applications | ||
Metabase potentially vulnerable 3) | waiting for Metabase | 2.1.3 | |||||||
MarvelClient | safe | safe | |||||||
OfficeExpert | vulnerable - fix available | released - Dec 14 | 4.3.3 | vulnerable - fix available | released - Dec 14 | 4.3.3 | Upgrading OfficeExpert | ||
Metabase potentially vulnerable 3) | waiting for Metabase | 4.3.4 | |||||||
OfficeExpert EPM | safe | safe | |||||||
SecurityInsider / GroupExplorer | safe | safe | |||||||
SmartChanger | safe | safe | |||||||
Document Properties Plugin | safe | safe | |||||||
LogViewer Plugin | safe | safe | |||||||
Network Monitor Plugin | safe | safe | |||||||
PrefTree Plugin | safe | safe | |||||||
Tabzilla Plugin | safe | safe | |||||||
Timezone Helper Plugin | safe | safe |
1) The fix releases in this column address CVE-2021-44228 both in our own code, and in Metabase.
2) The fix releases in this column address CVE-2021-45046 and are split in some cases. There are separate rows for cases where the older fix solves the issue in our code, but we are still waiting for a Metabase version so we can issue another release. See also 3)
3) See info box "Regarding Metabase" below
...