Connect2id server 11.6.6 security update

This release of the Connect2id server backports the security patch for the most recent Log4j vulnerability, CVE-2021-45046, which was announced yesterday and is closely related to the original Log4Shell vulnerability from last week.

Several other updates under the hood are also included. As with the 12.5.2 update, this one for 11.x is critical and highly recommended.

Download

Standard Connect2id server edition

Apache Tomcat package with Connect2id server 11.6.6: Connect2id-server.zip

SHA-256: 5abd1efa691a059e380f8a6f712f9e09220c3f78b7aa308d8bfd927f1446ab77

Connect2id server 11.6.6 WAR package: c2id.war

SHA-256: a9ef91aa5f9e71081377d1b815042c086bdd38e1bbc3d974f6ec0f9ee1cb0232

Multi-tenant edition

Apache Tomcat package with Connect2id server 11.6.6: Connect2id-server-mt.zip

SHA-256: b24d9c1bab76ee6bcce26e7fb019d14df8104318cad4a6b40a7facc273049a75

Connect2id server 11.6.6 WAR package: c2id-multi-tenant.war

SHA-256: eb642f6d8f6d44a68750ff12ab2c4178539de09506eab3ecca146a99f5a2cdd4

Questions?

Contact Connect2id support.


Release notes

11.6.6 (2021-12-15)

Resolved issues

  • Updates Log4j to 2.16.0 to address a critical vulnerability described in CVE-2021-45046, see https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45046 (issue server/708).

Dependency changes

  • Updates Log4j to 2.16.0

  • Updates to com.google.code.gson:gson:2.8.9

  • Updates BouncyCastle to 1.70.

  • Updates to com.unboundid:unboundid-ldapsdk:6.0.3