Eclipse Kura 4.1.3

Eclipse Kura 4.1.3 is a service release to address various CVEs in framework dependencies. In particular, the release addressed CVE-2021-44228, CVE-2021-45046 and CVE-2021-45105 by updating Log4J to version 2.17.0. Further platform updates are for Google Protobuf to 3.8.0 and Jetty to version 9.4.41.

 

Target Platform Updates

  • log4j.version=2.17.0
  • slf4j.api.version=1.7.32
  • com.google.protobuf.version=3.8.0
  • org.eclipse.jetty.continuation.version=9.4.41.v20210516
  • org.eclipse.jetty.http.version=9.4.41.v20210516
  • org.eclipse.jetty.io.version=9.4.41.v20210516
  • org.eclipse.jetty.security.version=9.4.41.v20210516
  • org.eclipse.jetty.server.version=9.4.41.v20210516
  • org.eclipse.jetty.servlet.version=9.4.41.v20210516
  • org.eclipse.jetty.util.version=9.4.41.v20210516
  • org.eclipse.jetty.util.ajax.version=9.4.41.v20210516

Compatibility:

  • Eclipse Kura v4.1.3 does not introduce API breakage with previous releases.
Release Date
Release Type
Service release (bug fixes only)