r Robert
on

 

Hi - Will you be posting an updated Pinnacle version to address the log4j vulnerability CVE-2021-44228?

Thanks,
Rob

Forums: Troubleshooting and Problems

Sergiy
on December 14, 2021

Hi Rob, 

What version of P21 Community do you refer to?

Thank you,
Sergiy

p Philip
on December 15, 2021

Hi Rob,

P21 Community 3.0.0 and higher do not use log4j, the java package of concern in the recent server-side RCE exploits.

(Also, Pinnacle 21 Enterprise does not use log4j either. P21 Enterprise clients are welcome to contact their Success/Support agent for details.)

P21 Community 2.2.0 and lower did use log4j. However, we have not distributed that version since May 2019. Also, End of Life for P21 Community 2.x and lower occurred on March 31, 2021. Support has not been provided after this date. Please upgrade to 3.1.2 via our Downloads page.

If you are somehow using P21 Community 2.2.0 and lower, past their official End of Life date and against P21's firm recommendation to upgrade, you are exposing yourself to a non-zero amount of risk. Immediate upgrade to P21 Community 3.1.2, which does not contain the log4j library at all, is strongly advised.

Kind regards,
PJ

Want a demo?

Let’s Talk.

We're eager to share and ready to listen.

Cookie Policy

Pinnacle 21 uses cookies to make our site easier for you to use. By continuing to use this website, you agree to our use of cookies. For more info visit our Privacy Policy.