
DSpace 7.1.1 only contains an update to the Apache Log4j Library to ensure DSpace is not vulnerable to CVE-2021-44228. As such, it was only a Backend / REST API release. The DSpace 7.1 Frontend (UI) can be used with the DSpace 7.1.1 Backend.

DSpace 7.0 and 7.1 both used a bundled version of the Apache Log4j Library vulnerable to RCE (remote command execution). The CVE-2021-44228 vulnerability is described in more detail at and

To ensure your 7.x site is completely secure, perform ALL the following:

- Upgrade your DSpace backend (REST API) to version 7.1.1 immediately.
  - This backend is compatible with the DSpace Frontend version 7.1
  - If you are unable to perform this upgrade, you may patch your 7.0 or 7.1 site by applying the changes in PR #8065.
- Upgrade to Apache Solr v8.11.1 (or above), to ensure your Solr is patched for CVE-2021-44228.
  - If you are unable to perform this upgrade, you may patch your current Solr by ensuring that `-Dlog4j2.formatMsgNoLookups=true` is specified in your `SOLR_OPTS` environment variable.
- If you use the Handle.Net Registry Support in DSpace 7.x, make sure to restart your Handle Server. This will ensure it is using the new version of log4j as well.

At this time, DSpace 6.x and below appear unaffected by CVE-2021-44228, as they all used log4j v1 exclusively with a default configuration that is not impacted.

To try out DSpace 7.1 immediately, see Try out DSpace 7.
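The Solr step of the advisory can be checked mechanically. The following is an added example, not part of the DSpace release notes or project code: it classifies a Solr instance as patched (v8.11.1 or above), mitigated (the flag is effective in `SOLR_OPTS`), or exposed. The function names and sample values are hypothetical; the version threshold and flag are the ones given in the text.

```shell
#!/bin/sh
# Added example: audit a Solr instance against the two options in the advisory.

# version_ge A B: succeeds when dotted version A >= B, compared numerically
# field by field (so 8.9 < 8.11.1, which a plain string comparison gets wrong).
version_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        n = split(a, x, "."); m = split(b, y, ".")
        for (i = 1; i <= (n > m ? n : m); i++) {
            if ((x[i] + 0) > (y[i] + 0)) exit 0
            if ((x[i] + 0) < (y[i] + 0)) exit 1
        }
        exit 0
    }'
}

# lookups_disabled OPTS: succeeds only when the last occurrence of the property
# in OPTS is exactly "true". Assumption: when a -D property is repeated, the JVM
# keeps the last value, so a later "=false" undoes an earlier "=true".
# Runs in a subshell so that "set -f" (no globbing while splitting) stays local.
lookups_disabled() (
    set -f
    last=""
    for tok in $1; do
        case $tok in
            -Dlog4j2.formatMsgNoLookups=*) last=${tok#*=} ;;
        esac
    done
    [ "$last" = "true" ]
)

# solr_log4shell_status VERSION OPTS: prints patched | mitigated | exposed
solr_log4shell_status() {
    if version_ge "$1" 8.11.1; then
        echo patched
    elif lookups_disabled "$2"; then
        echo mitigated
    else
        echo exposed
    fi
}

# Constructed sample input: an older Solr with the workaround applied.
solr_log4shell_status 8.8.2 "-Xms512m -Dlog4j2.formatMsgNoLookups=true"
```

On a real host, pass the version of the running Solr and the value of `"$SOLR_OPTS"` as seen by the Solr process, then restart Solr after any change so the option takes effect.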
