8.1. Security Advisories


8.1.1. CVE-2021-45105 and CVE-2021-44832

First published: 2021-01-02

Attention

The LOCKSS 2.x system up to and including version 2.0-alpha5 (originally released 2021-12-17), and the custom Solr and OpenWayback containers it includes, are affected by CVE-2021-45105 and CVE-2021-44832.

The recommended remediation is to upgrade LOCKSS 2.x version 2.0-alpha5 (originally released 2021-12-17) or earlier to LOCKSS 2.0-alpha5b.

See CVE-2021-45105 and CVE-2021-44832 in our Security pages.

8.1.2. CVE-2021-44228, CVE-2021-45046 and CVE-2021-4104

First published: 2021-12-13
Last updated: 2021-01-02

Attention

The LOCKSS 2.x system up to and including version 2.0-alpha4b, and the custom Solr and OpenWayback containers it includes, are affected by CVE-2021-44228 ("Log4Shell"), CVE-2021-45046 and CVE-2021-4104.

Now that the LOCKSS 2.0-alpha5 system is available and that additional vulnerabilities in Log4j 2.x have been discovered, the recommended remediation is to upgrade LOCKSS 2.x version 2.0-alpha4b or earlier to LOCKSS 2.0-alpha5 immediately.

See CVE-2021-44228, CVE-2021-45046 and CVE-2021-4104 in our Security pages.