8.1. Security Advisories
8.1.1. CVE-2021-45105 and CVE-2021-44832
Attention
The LOCKSS 2.x system up to and including 2.0.51-alpha5 (originally released 2021-12-17), and the custom Solr and OpenWayback containers it includes, are affected by CVE-2021-45105 and CVE-2021-44832.
The recommended remediation is to upgrade LOCKSS 2.0.51-alpha5 and earlier to LOCKSS 2.0.52-alpha5 or later.
See CVE-2021-45105 and CVE-2021-44832 in our Security pages.
8.1.2. CVE-2021-44228, CVE-2021-45046 and CVE-2021-4104
Attention
The LOCKSS 2.x system up to and including version 2.0.42-alpha4, and the custom Solr and OpenWayback containers it includes, are affected by CVE-2021-44228 ("Log4Shell"), CVE-2021-45046 and CVE-2021-4104.
Because additional vulnerabilities in Log4j 2.x have been discovered, the recommended remediation is to upgrade to LOCKSS version 2.0.42-alpha4 and earlier to LOCKSS 2.0.52-alpha5 immediately.
See CVE-2021-44228, CVE-2021-45046 and CVE-2021-4104 in our Security pages.