Eclipse Kura 4.1.3 is a service release to address various CVEs in framework dependencies. In particular, the release addressed CVE-2021-44228, CVE-2021-45046 and CVE-2021-45105 by updating Log4J to version 2.17.0. Further platform updates are for Google Protobuf to 3.8.0 and Jetty to version 9.4.41.
Target Platform Updates
- log4j.version=2.17.0
- slf4j.api.version=1.7.32
- com.google.protobuf.version=3.8.0
- org.eclipse.jetty.continuation.version=9.4.41.v20210516
- org.eclipse.jetty.http.version=9.4.41.v20210516
- org.eclipse.jetty.io.version=9.4.41.v20210516
- org.eclipse.jetty.security.version=9.4.41.v20210516
- org.eclipse.jetty.server.version=9.4.41.v20210516
- org.eclipse.jetty.servlet.version=9.4.41.v20210516
- org.eclipse.jetty.util.version=9.4.41.v20210516
- org.eclipse.jetty.util.ajax.version=9.4.41.v20210516
Compatibility:
- Eclipse Kura v4.1.3 does not introduce API breakage with previous releases.