1/31/22 2:01pm EST (UTC-5:00)
CMS Enterprise version 4.3.8.0 was released on 1/21/22 which contains the mitigation for the Log4j issue. You can download the update here - CMS Enterprise - Software for ScreenBeam commercial receivers
1/14/22 5:21pm EST (UTC-5:00)
Due to a critical bug discovered in the CMS Enterprise 4.3.7.0 release candidate, the next public release will be 4.3.8.0 and should be available the week of January 17th. We apologize for the delay, the bug has already been addressed and the release candidate is going through QA.
1/6/22 11:02am EST (UTC-5:00)
Release date for CMS Enterprise 4.3.7.0 has been pushed one week, expected release by January 14th, 2022. Table below from 12/17/21 has been updated to reflect this change. We apologize for the delay which will allow us to consolidate product/feature updates and Log4j mitigation into a single release.
12/17/21 3:16pm EST (UTC-5:00)
Our engineers have completed an updated review of our ScreenBeam commercial products, the results are covered in the table below:
| Product | Is it effected? | Resolution |
| CMS Enterprise (4.3.x.x) | Effected log4j libraries are present but not used in any way |
4.3.7.0 available week of January 17th, 2022 |
| CMS Enterprise (4.2.x.x) | No | |
| CMS (2.6.x.x) | No | |
| ScreenBeam 1100 Plus (11.1.11.x) | No | |
| ScreenBeam 1000EDU (11.0.11.x) | No | |
| ScreenBeam 1100 | No | |
| ScreenBeam 960 (9.15.44.0+) | No | |
| ScreenBeam 750 (2.15.44.0+) | No |
Our engineering team has reviewed our code base and performed vulnerability testing with the latest analysis resources available to make determinations regarding whether or not products are effected.
Based on the existing timeline for CMSE 4.3.7.0 release and the QA time required for an interim build the planned release of 4.3.6.100 has been scrapped.
12/14/21 7:37pm EST (UTC-5:00)
Our engineers have completed a preliminary review of our ScreenBeam commercial products, the results as of 12/14/21 can be found in the comments below this article.
12/12/21 3:47pm EST ( UTC-5:00)
ScreenBeam is aware of the zero-day vulnerability CVE-2021-44228 with Log4j. Our engineering and security teams are actively working to asses any potential impact to ScreenBeam products. As soon as we have an update from our internal teams on whether any products are effected, mitigation steps, and timelines for updates (if needed) we will share that information here.
Sign in or create an account to subscribe to updates to this article:
|
1. |
Click “Sign In” button on the upper right-hand corner of this page. Use your ScreenBeam account login credentials to log in. If you do not have an account you can create an account by clicking "Sign Up" in the Sign into ScreenBeam Support window. NOTE: Your personal information will not be shared or used for marketing purposes. You will only receive notifications of updates for devices you choose. |
|
|
2. |
Select "ScreenBeam Receivers" from the menu |
|
|
3. |
In the Deployment section, click on December 2021 - Security Alert - Log4j / CVE-2021-44228 |
|
|
4. |
Click the “Follow” button at the top-right corner of the article |
|
Comments
5 comments
Our engineers have completed a preliminary review of our ScreenBeam commercial products, the results are covered in the table below:
4.3.6.100 maintenance release with code removed will be created
4.3.7.0 available by January 7th, 2022
12/17/21 3:16pm EST (UTC-5:00)
Our engineers have completed an updated review of our ScreenBeam commercial products, the results are covered in the table below:
4.3.7.0 available by January 7th, 2022
Our engineering team has reviewed our code base and performed vulnerability testing with the latest analysis resources available to make determinations regarding whether or not products are effected.
Based on the existing timeline for CMSE 4.3.7.0 release and the QA time required for an interim build the planned release of 4.3.6.100 has been scrapped.
1/6/22 11:02am EST (UTC-5:00)
Release date for CMS Enterprise 4.3.7.0 has been pushed one week, expected release by January 14th, 2022. Table below from 12/17/21 has been updated to reflect this change. We apologize for the delay which will allow us to consolidate product/feature updates and Log4j mitigation into a single release.
1/14/22 5:21pm EST (UTC-5:00)
Due to a critical bug discovered in the CMS Enterprise 4.3.7.0 release candidate, the next public release will be 4.3.8.0 and should be available the week of January 17th. We apologize for the delay, the bug has already been addressed and the release candidate is going through QA.
1/31/22 2:01pm EST (UTC-5:00)
CMS Enterprise version 4.3.8.0 was released on 1/21/22 which contains the mitigation for the Log4j issue. You can download the update here - CMS Enterprise - Software for ScreenBeam commercial receivers
Please sign in to leave a comment.