December 2021 - Security Alert - Log4j / CVE-2021-44228

Comments

  • Parker D

    Our engineers have completed a preliminary review of our ScreenBeam commercial products; the results are covered in the table below:

    | Product | Is it affected? | Resolution |
    |---|---|---|
    | CMS Enterprise (4.3.x.x) | Affected log4j libraries are present but not in any way | 4.3.6.100 maintenance release with code removed will be created; 4.3.7.0 available by January 7th, 2022 |
    | CMS Enterprise (4.2.x.x) | No, code not present | |
    | CMS (2.6.x.x) | No, code not present | |
    | ScreenBeam 1100 Plus | Under assessment, update expected 12/15 | |
    | ScreenBeam 1000EDU | Under assessment, update expected 12/15 | |
    | ScreenBeam 1100 | Under assessment, update expected 12/15 | |
    | ScreenBeam 960 (9.15.44.0+) | No, code not present | |
    | ScreenBeam 750 (2.15.44.0+) | No, code not present | |
  • Parker D

    12/17/21 3:16pm EST (UTC-5:00)

    Our engineers have completed an updated review of our ScreenBeam commercial products; the results are covered in the table below:

    | Product | Is it affected? | Resolution |
    |---|---|---|
    | CMS Enterprise (4.3.x.x) | Affected log4j libraries are present but not used in any way | 4.3.7.0 available by January 7th, 2022 |
    | CMS Enterprise (4.2.x.x) | No | |
    | CMS (2.6.x.x) | No | |
    | ScreenBeam 1100 Plus (11.1.11.x) | No | |
    | ScreenBeam 1000EDU (11.0.11.x) | No | |
    | ScreenBeam 1100 | No | |
    | ScreenBeam 960 (9.15.44.0+) | No | |
    | ScreenBeam 750 (2.15.44.0+) | No | |

    Our engineering team has reviewed our code base and performed vulnerability testing with the latest analysis resources available to make determinations regarding whether or not products are affected.

    Based on the existing timeline for CMSE 4.3.7.0 release and the QA time required for an interim build, the planned release of 4.3.6.100 has been scrapped.

  • Parker D

    1/6/22 11:02am EST (UTC-5:00)

    Release date for CMS Enterprise 4.3.7.0 has been pushed one week, expected release by January 14th, 2022. Table below from 12/17/21 has been updated to reflect this change. We apologize for the delay, which will allow us to consolidate product/feature updates and Log4j mitigation into a single release.

  • Parker D

    1/14/22 5:21pm EST (UTC-5:00)

    Due to a critical bug discovered in the CMS Enterprise 4.3.7.0 release candidate, the next public release will be 4.3.8.0 and should be available the week of January 17th. We apologize for the delay; the bug has already been addressed and the release candidate is going through QA.

  • Parker D

    1/31/22 2:01pm EST (UTC-5:00)

    CMS Enterprise version 4.3.8.0, which contains the mitigation for the Log4j issue, was released on 1/21/22. You can download the update here - CMS Enterprise - Software for ScreenBeam commercial receivers
