By Fredrik Brattstig @virtualbrat
22 December -21 IGEL has just published a new version of the Universal Management Suite (UMS) that removes the vulnerability in the Elastic Search component. The new version is named UMS 6.09.120 and you can download it here:
https://www.igel.com/software-downloads/workspace-edition/#collapse2
You can read about the threat here in the IGEL ISN page:
https://kb.igel.com/securitysafety/en/isn-2021-11-ums-log4j-vulnerability-54086712.html
Here are the release notes for reference.
UMS 6.09.120
Security:
Changed: Updated Apache Log4j 2 library to version 2.17.0 to fix critical security vulnerability ISN-2021-11.
Fixed:
Fixed: It was not possible to write almost any key combination with the 'Alt Gr' key in the secure terminal dialog if the UMS was installed on windows.
Fixed: An error in certificate distribution to devices could occur when the same IGEL Cloud Gateway certificate was added more than once to UMS in the IGEL Cloud Gateway dialog. Duplicate entries are now supported but should be avoided.
Fixed: Performance issue referring to Automatic License Deployment (ALD) which could occur under certain circumstances.
UMS WebApp 6.09.120
Security:
Changed: Updated Elastic-Search to 7.16.2 (resolved: log4j-security issue)
IGEL strongly recommends that all users update/upgrade to UMS 6.09.120 due to the UMS Log4j vulnerability.Don’t wait, do the upgrade now!
Sleep well again with IGEL!
/Fred
VirtualBrat 