Connect2id server 11.6.5 security update
Use this update if you are still using an 11.x version.
Yesterday's security announcement also explains how to close the vulnerability in Log4j by setting a Java system property.
Note that the open source Nimbus JOSE+JWT library and the OAuth 2.0 / OpenID Connect SDK are not impacted by CVE-2021-44228, as they don't perform internal logging (subject to policy).
Standard Connect2id server edition
Apache Tomcat package with Connect2id server 11.6.5: Connect2id-server.zip
Connect2id server 11.6.5 WAR package: c2id.war
Apache Tomcat package with Connect2id server 11.6.5: Connect2id-server-mt.zip
Connect2id server 11.6.5 WAR package: c2id-multi-tenant.war
Contact Connect2id support.
- Updates Log4j to 12.5.0 to address a critical vulnerability described in CVE-2021-44228, see https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228 (issue server/707).