JBoss Tools and Red Hat CodeReady Studio for Eclipse 2021-09 security fix release for Apache Log4j CVE-2021-45105 and CVE-2021-44832
Apache Log4j CVE-2021-44832 statement
A remote code execution vulnerability in the Apache Log4j 2 Java library when using a JDBC Appender with a JNDI LDAP data source URI (see https://logging.apache.org/log4j/2.x/index.html#News or https://nvd.nist.gov/vuln/detail/CVE-2021-44832) has been releaved to the public audience on Tuesday Dec 28th, 2021.
Apache Log4j CVE-2021-45105 statement
A denial of service vulnerability in the Apache Log4j 2 Java library (see https://logging.apache.org/log4j/2.x/index.html#News or https://nvd.nist.gov/vuln/detail/CVE-2021-45105) has been releaved to the public audience on Thursday Dec 30th, 2021.
We’ve released new versions of JBoss Tools and Red Hat CodeReady Studio that switches the version of Apache Log4j to 2.17.1.
We highly recommand to download or update to this latest version.
Installation
Red Hat CodeReady Studio comes with everything pre-bundled in its installer. Simply download it from our Red Hat CodeReady product page and run it like this:
java -jar codereadystudio-<installername>.jar
JBoss Tools or Bring-Your-Own-Eclipse (BYOE) CodeReady Studio require a bit more:
This release requires at least Eclipse 4.21 (2021-09) but we recommend using the latest Eclipse 4.21 2021-09 JEE Bundle
since then you get most of the dependencies preinstalled.
Java11 is now required to run Red Hat Developer Studio or JBoss Tools (this is a requirement from Eclipse 4.17). So make sure to select a Java11 JDK in the installer. You can still work with pre-Java11 JDK/JRE and projects in the tool. |
Once you have installed Eclipse, you can either find us on the Eclipse Marketplace under "JBoss Tools" or "Red Hat CodeReady Studio".
For JBoss Tools, you can also use our update site directly.
http://download.jboss.org/jbosstools/photon/stable/updates/