Eclipse Kura 4.1.3

4.1.3

Description

Eclipse Kura 4.1.3 is a service release to address various CVEs in framework dependencies. In particular, the release addressed CVE-2021-44228, CVE-2021-45046 and CVE-2021-45105 by updating Log4J to version 2.17.0. Further platform updates are for Google Protobuf to 3.8.0 and Jetty to version 9.4.41.

 

Target Platform Updates

  • log4j.version=2.17.0
  • slf4j.api.version=1.7.32
  • com.google.protobuf.version=3.8.0
  • org.eclipse.jetty.continuation.version=9.4.41.v20210516
  • org.eclipse.jetty.http.version=9.4.41.v20210516
  • org.eclipse.jetty.io.version=9.4.41.v20210516
  • org.eclipse.jetty.security.version=9.4.41.v20210516
  • org.eclipse.jetty.server.version=9.4.41.v20210516
  • org.eclipse.jetty.servlet.version=9.4.41.v20210516
  • org.eclipse.jetty.util.version=9.4.41.v20210516
  • org.eclipse.jetty.util.ajax.version=9.4.41.v20210516

Compatibility:

  • Eclipse Kura v4.1.3 does not introduce API breakage with previous releases.
Security Issues

The Kura Release fixes the Log4J vulnerabilities CVE-2021-44228, CVE-2021-45046 and CVE-2021-45105 

by updating the Log4J dependencies to 2.17.0.

Further platform updates are for Google Protobuf to 3.8.0 and Jetty to version 9.4.41.

Conforms To UI/UX Guidelines
Not verified
Communities

Eclipse Kura Forums: https://www.eclipse.org/forums/index.php/f/273/