New MVVS version posted !!!Please upgrade to MVVS v1.3.2 to resolve critical zero-day vulnerability!!!
On December 10th, one day after the release of MVVS 1.3.0, a zero-day vulnerability against Apache Log4j versions prior to 2.15 was announced. The fix for this vulnerability is to upgrade to Log4j v2.15.0.Â
MV BASIC for VS Code v1.3.0 and prior contains and uses a version of Log4j that can potentially be exploited by this vulnerability. We initially upgraded the Log4j version in MVVS 1.3.1 to v2.15.0 to resolve this issue. It was determined the Log4j v2.1.5 did not fully resolve the vulnerability and a subsequent v2.16 was released. We therefore have upgraded MVVS 1.3.2 to v2.16.0 and advise that you upgrade.Â
Please feel free to reach out to support or PM should you have any questions or concerns regarding the Apache Log4j zero-day vulnerability.
------------------------------
Christine Rizza
MV Product Manager
Rocket Software
crizza@rocketsoftware.com
------------------------------
Sign up
Already have an account? Login
Welcome to the Rocket Forum!
Please log in or register:
Employee Login | Registration Member Login | RegistrationEnter your E-mail address. We'll send you an e-mail with instructions to reset your password.
77 4th Avenue
Waltham, MA 02451 USA
