The Apache Software Foundation provided another update to log4j (version 2.17.0) to address a new CVE-2021-45105.
The latest 2.17.0 update is the latest, fixing the results.
Specifically, this update fixes a Denial of Service (DoS) vulnerability in 2.16, resulting from uncontrolled self-referential recursion. While the vulnerability does not have the same significance as the previous Log4Shell RCE, the CVE is rated “High” severity with a CVSS score of 7.5.
The fast release cycle is the combination of the Apache Software Foundation’s rapid response to resolve the issue, combined with deep worldwide attention from many security researchers looking at every patch. Contrast supports both open source developers as well as the security research communities.
This log4j has been updated to 2.17.0 version in release 10.0.0.15. We recommend you update as soon as possible.
The issue that was impacting the US West region has been resolve. We have validated that all Cloud Inventory services are operational and access has been restored.
We would strongly suggest that any customer with a gateway, restart that gateway to ensure that all connections are restored properly.
Thank you for you patience.
To all DSI Cloud customers in the the US western regions. AWS is reporting a regional based outage that is impacting customers ability to access their Cloud Inventory installations. DSI is working with our Amazon representatives to get a status on resolution.
We will post updated on multiple communication channels as soon as we have an update.
Please note that, going forward, our Android Mobile Client app will be named Cloud Inventory Mobile Client. You can find the app on the Google Play store here: https://play.google.com/store/apps/details?id=com.dsiglobal.mobileclient
The iOS version of our Mobile Client remains the same for now, but will also be renamed later. Another announcement will be made here when the iOS version is renamed.
Please reach out to your Cloud Inventory® representative with any questions you might have.
NetSuite will deprecate their HMAC SHA-1 signature method between July 30, 2021, and Spring 2022. Several key events will happen during this process. The announcement on the Platform Community outlines the events and dates you will need to know.