Connect2id server 11.6.6 security update
This release of the Connect2id server backports the security patch to address the most recent Log4j CVE-2021-45046, which was announced yesterday and is closely related to the original Log4shell vulnerability from last week.
Several other updates under the hood are also included. As with the 12.5.2 update, this one for 11.x is critical and highly recommended.
Standard Connect2id server edition
Apache Tomcat package with Connect2id server 11.6.6: Connect2id-server.zip
Connect2id server 11.6.6 WAR package: c2id.war
Apache Tomcat package with Connect2id server 11.6.6: Connect2id-server-mt.zip
Connect2id server 11.6.6 WAR package: c2id-multi-tenant.war
Contact Connect2id support.
- Updates Log4j to 2.16.0 to address a critical vulnerability described in CVE-2021-45046, see https://cve.mitre.org/cgi-bin/cvename.cgi? name=CVE-2021-45046 (issue server/708).
Updates Log4j to 2.16.0
Updates to com.google.code.gson:gson:2.8.9
Updates BouncyCastle to 1.70.
Updates to com.unboundid:unboundid-ldapsdk:6.0.3