Decision Insight Messaging System 20211220 release notes

Hotfix 02 delivered on December 17th, 2021

Fixed issues

Fixed security vulnerabilities

Support case Severity Details

Critical

Log4j updated

To prevent potential threats (CVE-2021-44228), Log4J has been upgraded from 2.13.3 to 2.15.0


Medium

The latest Java JRE is included in the installer

OpenJDK 17 was released on September 14th, 2021. It is now included by default. As a consequence, TLS 1.0 and TLS 1.1 are removed.


Medium

Kafka dependency updated

To prevent potential threats, Kafka has been upgraded from 2.5.0 to 2.8.1

Other fixed issues

Hotfix 02

Support case Severity Details

01320038

Critical

Log4J could be sensitive to attack using the lookup variable

log4j was updated from version 2.15.0 to 2.16.0

CVE-2021-44228 allows attackers to download and run any code on a server by logging a specially crafted string. This attack leverages the variable lookup in log4j and the current attack vector uses JNDI and LDAP.

Release

Support case Severity Details

01320038

Critical

Log4J could be sensitive to attack using the lookup variable

CVE-2021-44228 allows attackers to download and run any code on a server by logging a specially crafted string. This attack leverages the variable lookup in log4j and the current attack vector uses JNDI and LDAP.

log4j was updated from version 2.13.3 to 2.15.0

Support services

The Axway Global Support team provides worldwide 24 x 7 support for customers with active support agreements. 

Email support@axway.com or visit Axway Support at https://support.axway.com.

Related Links