1,438
edits
Changes
no edit summary
= Security Announces = <!--T:2-->
== December/2021 Log4J Vulnerabilities == <!--T:3-->== December/2021 Log4J Vulnerabilities ==
<!--T:4-->
* [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45105 CVE-2021-45105]: Apache Log4j2 does not always protect from infinite recursion in lookup evaluation
* [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45046 CVE-2021-45046]: Apache Log4j2 Thread Context Lookup Pattern vulnerable to remote code execution in certain non-default configurations
=== Servers status === <!--T:6-->
Our security team quickly applied the corrections to our servers, and all operations are normal
=== TVCli === <!--T:7-->
We released a update to [[TVCli]] addressing the the problem.
<!--T:8-->
'''TVCli Version < 1.3.0 are vulnerable.'''
<!--T:9-->
You should [[TVCli Download|upgrade]] to new version, as soon as possible.
</translate>