Page History
...
Note | ||||
---|---|---|---|---|
| ||||
Metabase includes Log4j and is vulnerable to CVE-2021-44228. For a first fix we update to Metabase 0.40.7 (which includes Log4j 2.15.0 and protects from the remote code execution exploit). Releases with this fix can be found in the left part of the table above. (column marked with 1) ) The more recently discovered CVE-2021-45046 requires Log4j 2.16.0 for which no Metabase release is available yet. If you are uncomfortable with the unofficial Metabase developer statement regarding CVE-2021-45046, you can manually turn off Metabase for now:
|
...