Eclipse Kura 5.0.1

5.0.1

Description

This service release of Eclipse Kura fixes the Log4J vulnerabilities CVE-2021-44228, CVE-2021-45046 and CVE-2021-45105 

by updating the Log4J dependencies to 2.17.0. Slf4J has been updated as well to 1.7.32. 



Target Platform Updates

  • log4j.version=2.17.0
  • slf4j.api.version=1.7.32



Target Environments:

 Eclipse Kura is released as pre-compiled binary installers for the following platforms:

  • Raspberry Pi 2/3/4 based on Raspberry Pi OS (32 bits)
  • Intel Up Squared board running Ubuntu 18  
  • Intel Up Squared board running Centos 7 (Experimental)
  • Rock960 ARM_64 running Ubuntu 16 (NN version only)

 Eclipse Kura is also available as a pre-built Docker container for Centos 7 and Alpine

Security Issues

CVE-2021-44228, CVE-2021-45046 and CVE-2021-45105 solved by updating the Log4J dependencies to 2.17.0

Conforms To UI/UX Guidelines
Not verified
Communities

Issues related to the Kura v5.0 release: https://github.com/eclipse/kura/issues?q=is%3Aopen+is%3Aissue+project%3Aeclipse%2Fkura%2F4

Pull Requests related to the Kura v5.0 release: https://github.com/eclipse/kura/pulls?q=is%3Aopen+is%3Apr+project%3Aeclipse%2Fkura%2F4

Eclipse Kura Forums: https://www.eclipse.org/forums/index.php/f/273/