Bugsnag Enterprise updates
www.bugsnag.com

New release Bugsnag On-Premise Single Machine v3.2111.1 and Clustered v4.2111.2

 

Release

  

Mitigates CVE-2021-44228 (log4j remote command execution) vulnerability

Important Note:

The Elasticsearch service included as part of the Bugsnag installation may be vulnerable to CVE-2021-44228 (log4j remote command execution) prior to this release, as input to the Bugsnag services could potentially be logged to the Elasticsearch slow log, and therefore a crafted input string could be used to exploit the log4j vulnerability. We believe the risk to your Bugsnag installation is low, as an exploit is only possible if the attacker has access to the Bugsnag On-Premise services. However, we recommend that you upgrade your installation as soon as possible and, if not already done, restrict access to your Bugsnag services (see guidance here).