Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Note
titleRegarding Metabase

Metabase includes Log4j and is vulnerable to CVE-2021-44228. For a first fix we update to Metabase 0.40.7 (which includes Log4j 2.15.0 and protects from the remote code execution exploit). Releases with this fix can be found in the left part of the table above. (column marked with 1) )

The more recently discovered CVE-2021-45046 requires Log4j 2.16.0, and the even more recent CVE-2021-45105 requires 2.17.0. Both CVEs are fixed in our own code (release in column marked with 1) ), but we are waiting for the Metabase release which includes 2.17.0 at the moment for the our next release.
Until then, you can go with the release that fixes the problem in our code and manually turn off Metabase for now:

  • Connect to the appliance with ssh or putty
  • For GreenLight:

    Code Block
    docker stop gl_metabase
  • For OfficeExpert and iDNA Applications:

    Code Block
    docker stop panagenda_metabase

...