Connect2id server 12.5.4 and 11.6.7 security updates addressing Log4j CVE-2021-45105

This Connect2id server release addresses a second post-Log4Shell vulnerability discovered in Log4j, described in CVE-2021-45105, which can result in a denial of service (DoS).

Updating is strongly recommended to secure your deployments.

There are also updated c2id/c2id-server-demo and c2id/c2id-server-min Docker images available.

Download 12.5.4

Standard Connect2id server edition

Apache Tomcat package with Connect2id server 12.5.4: Connect2id-server.zip

SHA-256: 2860513912e3494d172764e9c2e0a159241d5e41c1663bdaf714021f6921f7ac

Connect2id server 12.5.4 WAR package: c2id.war

SHA-256: 520d3c398faccd29ed41244dcb79a8f3dcb6a825d111d20665965ad85b84bc5a

Multi-tenant edition

Apache Tomcat package with Connect2id server 12.5.4: Connect2id-server-mt.zip

SHA-256: 7859e9f37bd3ffcce1793e34921559bf03a9425831075cf22fcef311f8d316be

Connect2id server 12.5.4 WAR package: c2id-multi-tenant.war

SHA-256: c83965f09030956ceb6cf14fc1dbb983fe4b74620700dbbdf4e2e4b2a074edb2

Download 11.6.7

Standard Connect2id server edition

Apache Tomcat package with Connect2id server 11.6.7: Connect2id-server.zip

SHA-256: e64d746617c750cf9abc954be9108541170d7b747a8ac4214f56538e6a45489b

Connect2id server 11.6.7 WAR package: c2id.war

SHA-256: 406bb18a8705b1230959553abaa2642f77dedd0399df71e1b65d303b47b5565e

Multi-tenant edition

Apache Tomcat package with Connect2id server 11.6.7: Connect2id-server-mt.zip

SHA-256: ee926caabf4411c6b3ca481f1a1d456e1e9b37721581cc60997049f4d00e33cc

Connect2id server 11.6.7 WAR package: c2id-multi-tenant.war

SHA-256: 06bbef74bdd6b819bdf5ee967b29b697d5d3d324ee6acbcbb8ffc4c34a01f34f

Questions?

Contact Connect2id support.


Release notes

12.5.4 (2021-12-18)

Resolved issues

  • Updates Log4j to 2.17.0 to address a critical DoS vulnerability described in CVE-2021-45105, see https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45105 (issue server/711).

Dependency changes

  • Updates Log4j to 2.17.0

11.6.7 (2021-12-18)

Resolved issues

  • Updates Log4j to 2.17.0 to address a critical DoS vulnerability described in CVE-2021-45105, see https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45105 (issue server/711).

Dependency changes

  • Updates Log4j to 2.17.0