Log4Shell Update
In this blog post we inform you about the current status of the Log4Shell security vulnerability.
Update from 15.12.21
The original bug fix by the Log4j team in version 2.15.0 could still be exploited for a “Denial of Service” attack. With the new version 2.16.0, this vulnerability has also been closed.
A secure patch file is now available for download for self-hosters:
- 6.8.48 or newer under “Version Archive”
- 6.9.55 or newer under “Version Archive”
- 6.10.73 or newer under “Current Version”
For customers with basic and standard hosting, the patch will be applied automatically tonight.
On the Log4Shell security vulnerability
Note: For projectfacts customers on versions 6.8, 6.9 or 6.10 with basic or standard hosting, the security vulnerability has already been closed.
The Log4Shell security vulnerability is a weakness in the Java library Log4j. It allows attackers to take complete control of the system by executing certain commands via input fields on a website.
Further information on the Log4Shell security vulnerability can be found on the page of the Federal Office for Information Security (BSI).
If you host projectfacts with us (basic or standard hosting) and use one of versions 6.8, 6.9 or 6.10, you are already protected.
If you self-host projectfacts and use one of versions 6.8, 6.9 or 6.10, please download the patch file we are providing as quickly as possible:
- 6.8.47 or newer under “Version Archive”
- 6.9.54 or newer under “Version Archive”
- 6.10.71 or newer under “Current Version”
If you self-host projectfacts and use a version older than 6.8, 6.9 or 6.10, please arrange an update to at least version 6.8 as quickly as possible.
This evening (13.12.21) from 10 pm we will be carrying out additional maintenance work on our servers, meaning that there may be interruptions between 10:00 pm and midnight.