[oXygen-sdk] [oXygen-user] [ann] Security maintenance builds in response to the Log4j vulnerability
George Bina
george at oxygenxml.com
Fri Dec 17 08:53:10 CST 2021
Hi all,
Following the recent security vulnerabilities related to the Apache
Log4j library, we made available maintenance builds for many of our
products and we also updated the SDK to provide a fix for this issue.
These builds cover the latest versions of our products as well as older
versions.
The corresponding security advisory is updated with the latest
information about this issue, you can find it at:
https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html
In this mail, I am highlighting the SDK updates but you can find the
updates for product and plugins releases in the message sent to the
oxygen-users list:
https://www.oxygenxml.com/pipermail/oxygen-user/2021-December/006798.html
If you are using the Oxygen SDK, please update to the latest SDK for the
corresponding major version:
Oxygen SDK v22.1.0.0 should be updated to version 22.1.0.6
Oxygen SDK from v23.0.0.0 to v23.1.0.0 should be updated to version 23.1.0.4
Oxygen SDK v24.0.0.0 should be updated to version v24.0.0.2
Please note that older versions of the Oxygen SDK, meaning the versions
before 22.1.0.0, do not contain the log4j version 2 library, so they are
not affected.
Best Regards,
George
--
George Cristian Bina
http://www.oxygenxml.com
More information about the oXygen-sdk
mailing list