Upgrade your IGEL UMS to eliminate the Log4j threat – and do it now!

By Fredrik Brattstig @virtualbrat

22 December -21 IGEL has just published a new version of the Universal Management Suite (UMS) that removes the vulnerability in the Elastic Search component. The new version is named UMS 6.09.120 and you can download it here:

https://www.igel.com/software-downloads/workspace-edition/#collapse2

You can read about the threat here in the IGEL ISN page:
https://kb.igel.com/securitysafety/en/isn-2021-11-ums-log4j-vulnerability-54086712.html

Here are the release notes for reference.

UMS 6.09.120

Security:

Changed: Updated Apache Log4j 2 library to version 2.17.0 to fix critical security vulnerability ISN-2021-11.
Fixed:

Fixed: It was not possible to write almost any key combination with the 'Alt Gr' key in the secure terminal dialog if the UMS was installed on windows.
Fixed: An error in certificate distribution to devices could occur when the same IGEL Cloud Gateway certificate was added more than once to UMS in the IGEL Cloud Gateway dialog. Duplicate entries are now supported but should be avoided.
Fixed: Performance issue referring to Automatic License Deployment (ALD) which could occur under certain circumstances.
UMS WebApp 6.09.120

Security:

Changed: Updated Elastic-Search to 7.16.2 (resolved: log4j-security issue)
IGEL strongly recommends that all users update/upgrade to UMS 6.09.120 due to the UMS Log4j vulnerability.

Don’t wait, do the upgrade now!

Sleep well again with IGEL!

/Fred