8.1. Security Advisories

Topic Overview

CVE-2021-45105 and CVE-2021-44832
CVE-2021-44228, CVE-2021-45046 and CVE-2021-4104

8.1.1. CVE-2021-45105 and CVE-2021-44832 

First published: 2021-01-02

Attention

The LOCKSS 2.x system up to and including 2.0.51-alpha5 (originally released 2021-12-17), and the custom Solr and OpenWayback containers it includes, are affected by CVE-2021-45105 and CVE-2021-44832.

The recommended remediation is to upgrade LOCKSS 2.0.51-alpha5 and earlier to LOCKSS 2.0.52-alpha5 or later.

See CVE-2021-45105 and CVE-2021-44832 in our Security pages.

8.1.2. CVE-2021-44228, CVE-2021-45046 and CVE-2021-4104 

First published: 2021-12-13

Last updated: 2021-01-02

Attention

The LOCKSS 2.x system up to and including version 2.0.42-alpha4, and the custom Solr and OpenWayback containers it includes, are affected by CVE-2021-44228 ("Log4Shell"), CVE-2021-45046 and CVE-2021-4104.

Because additional vulnerabilities in Log4j 2.x have been discovered, the recommended remediation is to upgrade to LOCKSS version 2.0.42-alpha4 and earlier to LOCKSS 2.0.52-alpha5 immediately.

See CVE-2021-44228, CVE-2021-45046 and CVE-2021-4104 in our Security pages.

8.1. Security Advisories

8.1.1. CVE-2021-45105 and CVE-2021-44832

8.1.2. CVE-2021-44228, CVE-2021-45046 and CVE-2021-4104

8.1.1. CVE-2021-45105 and CVE-2021-44832 

8.1.2. CVE-2021-44228, CVE-2021-45046 and CVE-2021-4104 