Announcements

  • 2021.3 Cloud Inventory® Release Notes

    The Release Notes for Cloud Inventory® version 2021.3 have been posted to the Apps Channel library. Once the release is fully available, the notes will also be posted, along with detailed documentation, to the Documentation Portal's 2021.3 branch.
  • Zero Day log4j Vulnerability in EPP - UPDATE

    The Apache Software Foundation provided another update to log4j (version 2.17.0) to address a new CVE-2021-45105.

    The latest 2.17.0 update is the latest, fixing the results.

    • Log4j 2.16.0 is vulnerable to CVE-2021-45105, from December 16.
    • Log4j 2.15.0 is vulnerable to CVE-2021-45046, from December 14.
    • Log4j 2.14 and below are CVE-20210-44228 (log4shell), from December 9.

    Specifically, this update fixes a Denial of Service (DoS) vulnerability in 2.16, resulting from uncontrolled self-referential recursion. While the vulnerability does not have the same significance as the previous Log4Shell RCE, the CVE is rated “High” severity with a CVSS score of 7.5. 

    The fast release cycle is the combination of the Apache Software Foundation’s rapid response to resolve the issue, combined with deep worldwide attention from many security researchers looking at every patch. Contrast supports both open source developers as well as the security research communities.

     

    This log4j has been updated to 2.17.0 version in release 10.0.0.15. We recommend you update as soon as possible.

  • AWS Regional Outage - Updated

    The issue that was impacting the US West region has been resolve. We have validated that all Cloud Inventory services are operational and access has been restored. 

    We would strongly suggest that any customer with a gateway, restart that gateway to ensure that all connections are restored properly.

    Thank you for you patience.

  • AWS Regional Outage

    To all DSI Cloud customers in the the US western regions. AWS is reporting a regional based outage that is impacting customers ability to access their Cloud Inventory installations. DSI is working with our Amazon representatives to get a status on resolution.

    We will post updated on multiple communication channels as soon as we have an update.

  • Zero Day log4j Vulnerability in EPP

    Apache Log4j <=2.14.1 JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. Cloud Inventory® has found that there is very minimal potential impact on EPP 10 versions. Cloud Inventory® is releasing a hotfix imminently with the updated log4j2 code. See the blog post for further information regarding EPP 10.x:
    https://community.dsiglobal.com/blogs/joe-thompson1/2021/12/13/zero-day-log4j-vulnerability-in-epp
    In addition, further information regarding EPP 9.x is available at this blog post: https://community.dsiglobal.com/blogs/joe-thompson1/2021/12/14/zero-day-log4j-vulnerability-in-elsepp-version-9x
  • Attention iOS Mobile Client Users

    We have now updated the iOS Mobile Client app to support iOS 15.1. Version 9.0.36 is available for download on the App Store. Please reach out to your Cloud Inventory® representative with any questions you might have.
  • Attention Android Mobile Client Users

    Please note that, going forward, our Android Mobile Client app will be named Cloud Inventory Mobile Client. You can find the app on the Google Play store here: https://play.google.com/store/apps/details?id=com.dsiglobal.mobileclient

    The iOS version of our Mobile Client remains the same for now, but will also be renamed later. Another announcement will be made here when the iOS version is renamed.

    Please reach out to your Cloud Inventory® representative with any questions you might have.

  • JDE 64-bit Update

    We have finished our analysis of JD Edwards’ 64-bit Update and finalized our testing and release plan. MEP version 9.0SP12 and Cloud Inventory Platform version 9.5SP2 will have fully tested connectors, ready to implement on December 10, 2021. More information is available in this Community post:
  • iOS 15.1 Update

    Attention DSI Mobile Client customers:
    The iOS 15.1 update will cause the current DSI Mobile Client to not function properly, we highly recommend that you stop users from updating iDevices to iOS 15.1 at this time. We are currently working to resolve the issue, and will update you as we progress towards a solution.
  • PLANNED MAINTENANCE NOTIFICATION

    Microsoft has discovered security vulnerabilities in the Windows 2016 and 2019 operating systems, and has issued critical patches to repair the vulnerabilities.

    The Cloud Operations team is conducting off-schedule deployments  using a rolling deployment method during non-peak hours to eliminate the impact on customers. 

    Please see this blog post for further information.
  • View our Podcasts!

    Click here to view our podcasts.
  • NetSuite HMAC SHA-1 Deprecation Schedule

    NetSuite will deprecate their HMAC SHA-1 signature method between July 30, 2021, and Spring 2022. Several key events will happen during this process. The announcement on the Platform Community outlines the events and dates you will need to know.