Connect2id server 11.6.6 security update

This release of the Connect2id server backports the security patch to address the most recent Log4j CVE-2021-45046, which was announced yesterday and is closely related to the original Log4shell vulnerability from last week.

Several other updates under the hood are also included. As with the 12.5.2 update, this one for 11.x is critical and highly recommended.


Standard Connect2id server edition

Apache Tomcat package with Connect2id server 11.6.6:

SHA-256: 5abd1efa691a059e380f8a6f712f9e09220c3f78b7aa308d8bfd927f1446ab77

Connect2id server 11.6.6 WAR package: c2id.war

SHA-256: a9ef91aa5f9e71081377d1b815042c086bdd38e1bbc3d974f6ec0f9ee1cb0232

Multi-tenant edition

Apache Tomcat package with Connect2id server 11.6.6:

SHA-256: b24d9c1bab76ee6bcce26e7fb019d14df8104318cad4a6b40a7facc273049a75

Connect2id server 11.6.6 WAR package: c2id-multi-tenant.war

SHA-256: eb642f6d8f6d44a68750ff12ab2c4178539de09506eab3ecca146a99f5a2cdd4


Contact Connect2id support.

Release notes

11.6.6 (2021-12-15)

Resolved issues

  • Updates Log4j to 2.16.0 to address a critical vulnerability described in CVE-2021-45046, see name=CVE-2021-45046 (issue server/708).

Dependency changes

  • Updates Log4j to 2.16.0

  • Updates to

  • Updates BouncyCastle to 1.70.

  • Updates to com.unboundid:unboundid-ldapsdk:6.0.3