On December 9, 2021, erwin by Quest was made aware of a critical security vulnerability impacting the Apache Log4j library associated with CVE-2021-44228 (also known as Log4Shell or LogJam).
For further information on this please click here
How does this affect me?
Based on our due diligence, the following is a quick summary of the current state of the DI and BUP applications
(please refer to the short-term and longer term resolution plan provided in the below section)
The erwin BUP IMPACTED VERSIONS are 10.2.x versions and 11.0.x version.
Workaround
Your current erwin DIS- BUP environments can be protected immediately with short term simple JVM property change in the short term.
Please see the pdf document in the knowledge base article for details on our short term mitigation and our long term plan.
Status
erwin BUP will release newer product versions in early Q1 2022 that will use the latest versions of Log4j.
Please review the following knowledge base article for further updates on this issue.
We apologize for the inconvenience this issue may have caused and look forward to assisting you in the future.© ALL RIGHTS RESERVED. Terms of Use Privacy Cookie Preference Center
