[oXygen-user] [ann] Security maintenance builds in response to the Log4j vulnerability
McAulay, Lisa
emcaulay at library.ucla.edu
Fri Dec 17 12:00:28 CST 2021
Thank you so much! I followed your instructions and deleted the calabash folder. I am so grateful that you were able to help me!
________________________________
From: oXygen-user <oxygen-user-bounces at oxygenxml.com> on behalf of Oxygen XML Editor Support (Radu Coravu) <support at oxygenxml.com>
Sent: Friday, December 17, 2021 7:52 AM
To: oxygen-user at oxygenxml.com <oxygen-user at oxygenxml.com>
Subject: Re: [oXygen-user] [ann] Security maintenance builds in response to the Log4j vulnerability
Hi Lisa,
Right now we have on our web site new installation kits fixing the security problem for Oxygen 24.0, 23.1 and we'll soon have the same for Oxygen 22.1.
For older Oxygen versions there was only one component in Oxygen uses the Log4j 2.x libraries, the Calabash XProc engine located in "OXYGEN_INSTALL_DIR\lib\xproc\calabash". If you are not using Oxygen to edit XProc files you can remove that "calabash" folder completely.
Or you can try to use this small free utility we provide to update all Log4.j 2.x libraries in your Oxygen installation:
https://github.com/oxygenxml/oxygen-log4j-patcher
Regards,
Radu
Radu Coravu
Oxygen XML Editor
On 12/17/21 16:14, McAulay, Lisa wrote:
Hi George and Oxygen Users,
I apologize for bothering you at this time, but I'm trying to determine my risk with Oxygen XML 21.1, build 2019120214. I see it lists log4j 1.2.17, which I think isn't affected by this log4j problem. I'm hoping so!
Best regards,
Elizabeth
Elizabeth McAulay
Head of the Digital Library Program
emcaulay /at/ library.ucla.edu
https://digital.library.ucla.edu/
[UCLA Library Logo]<https://www.library.ucla.edu/>
UCLA acknowledges the Gabrielino/Tongva peoples as the traditional land caretakers of Tovaangar (the Los Angeles basin and So. Channel Islands). As a land grant institution, we pay our respects to the Honuukvetam (Ancestors), ‘Ahiihirom (Elders) and ‘Eyoohiinkem (our relatives/relations) past, present and emerging.
________________________________
From: oXygen-user <oxygen-user-bounces at oxygenxml.com><mailto:oxygen-user-bounces at oxygenxml.com> on behalf of George Bina <george at oxygenxml.com><mailto:george at oxygenxml.com>
Sent: Friday, December 17, 2021 5:35 AM
To: oXygen User ML <oxygen-user at oxygenxml.com><mailto:oxygen-user at oxygenxml.com>
Subject: [oXygen-user] [ann] Security maintenance builds in response to the Log4j vulnerability
Hi all,
We made available maintenance builds for many of our products to provide
a fix for the recent security vulnerabilities related to the Apache
Log4j library. These builds cover the latest versions of our products as
well as older versions.
The corresponding security advisory is updated with the latest
information about these issue, you can it at:
https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html
The new maintenance builds that we made available up to this point are
listed below:
Oxygen XML Editor
==========================================
Oxygen XML Editor 24.0 build 2021121518
https://www.oxygenxml.com/xml_editor/download_oxygenxml_editor.html
Oxygen XML Editor 23.1 build 2021121415
https://www.oxygenxml.com/xml_editor/software_archive_editor.html
Oxygen XML Author
==========================================
Oxygen XML Author 24.0 build 2021121518
https://www.oxygenxml.com/xml_author/download_oxygenxml_author.html
Oxygen XML Author 23.1 build 2021121415
https://www.oxygenxml.com/xml_author/software_archive_author.html
Oxygen XML Developer
==========================================
Oxygen XML Developer 24.0 build 2021121518
https://www.oxygenxml.com/xml_developer/download_oxygenxml_developer.html
Oxygen XML Developer 23.1 build 2021121317
https://www.oxygenxml.com/xml_developer/software_archive_developer.html
Oxygen XML Web Author
==========================================
Oxygen XML Web Author 24.0.0 build 2021121314
https://www.oxygenxml.com/xml_web_author/download_oxygenxml_web_author.html
XML Web Author 23.1.1.2 build 2021121408
https://www.oxygenxml.com/xml_web_author/software_archive_web_author.html
Oxygen XML Web Author 22.1.0.4 build 2021121415
https://www.oxygenxml.com/xml_web_author/software_archive_web_author.html
Oxygen Content Fusion
==========================================
Oxygen Content Fusion 4.1.4 build 2021121611
https://www.oxygenxml.com/content_fusion/download.html
Oxygen Content Fusion 3.0.1 build 2021121414
https://www.oxygenxml.com/content_fusion/software_archive_content_fusion.html
Oxygen Content Fusion 2.0.3 build 2021121417
https://www.oxygenxml.com/content_fusion/software_archive_content_fusion.html
Oxygen Feedback
==========================================
Oxygen Feedback Enterprise 1.4.5 build 2021121314
https://www.oxygenxml.com/oxygen_feedback_enterprise/download.html
Oxygen Publishing Engine
==========================================
Oxygen Publishing Engine 24.0 build 2021121611
https://www.oxygenxml.com/publishing_engine/download.html
Oxygen Publishing Engine 23.1 build 2021121413
https://www.oxygenxml.com/publishing_engine/software_archive_publishing_engine.html
Oxygen XML WebHelp
==========================================
Oxygen XML WebHelp 24.0 build 2021121511
https://www.oxygenxml.com/xml_webhelp/download_oxygenxml_webhelp.html
Oxygen XML WebHelp 23.1 build 2021121412
https://www.oxygenxml.com/xml_webhelp/software_archive_webhelp.html
Oxygen PDF Chemistry
==========================================
Oxygen PDF Chemistry 24.0 build 2021121611
https://www.oxygenxml.com/pdf_chemistry/download.html
Oxygen PDF Chemistry 23.1 build 2021121413
https://www.oxygenxml.com/pdf_chemistry/software_archive_chemistry.html
Oxygen License Server
==========================================
Oxygen License Server 24.0 build 2021121311
https://www.oxygenxml.com/license_server/download.html
==========================================
The Oxygen SDK and some of the plugins that we make available that
contain the log4j library were also updated:
Oxygen SDK
==========================================
Oxygen SDK for version 24 is updated to version 24.0.0.2
Oxygen SDK for version 23 is updated to version 23.1.0.4
Oxygen SDK for version 22 is updated to version 22.1.0.6
Please update your dependencies to our SDK to point to the corresponding
fix version of the SDK.
Web Author PDF Plugin
==========================================
Web Author PDF Plugin 24.0.0.1
https://www.oxygenxml.com/maven/com/oxygenxml/web-author-publishing-plugin/24.0.0.1
Web Author PDF Plugin 23.1.1.2
https://www.oxygenxml.com/maven/com/oxygenxml/web-author-publishing-plugin/23.1.1.2
Oxygen XML Editor/Author/Developer plugins
==========================================
Please use the "Help->Manage Add-ons..." action to uninstall previous
versions and make sure you installed the latest version of the following
add-ons:
Oxygen Web Author Test Server Add-on should be updated to version
22.1.1, 23.1.2 or 24.0.1
XSD to JSON Schema Converter should be updated to version 23.1.1 or 24.0.1
Git Client should be update to version 3.0.1
Batch Documents Converter should be updated to version 3.2.1
==========================================
We are still working to provide maintenance builds for more of the older
versions as well as tools to help automating the mitigation steps.
Best Regards,
George
--
George Cristian Bina
<oXygen/> XML Editor, Schema Editor and XSLT Editor/Debugger
http://www.oxygenxml.com
_______________________________________________
oXygen-user mailing list
oXygen-user at oxygenxml.com<mailto:oXygen-user at oxygenxml.com>
https://www.oxygenxml.com/mailman/listinfo/oxygen-user
_______________________________________________
oXygen-user mailing list
oXygen-user at oxygenxml.com<mailto:oXygen-user at oxygenxml.com>
https://www.oxygenxml.com/mailman/listinfo/oxygen-user
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.oxygenxml.com/pipermail/oxygen-user/attachments/20211217/7dc59b1e/attachment.html>
More information about the oXygen-user
mailing list