The Lucent Sky Blog in 2021

Lucent Sky's response to remote code execution vulnerability in Apache Log4j (CVE-2021-44228)
December 10, 2021

A critical (CVSS score 10) remote code execution vulnerability affecting Apache Log4j has been identified as CVE-2021-44228. As Lucent Sky and the industry at large continue to understand the impact of this threat, we will publish information to help customers identify and remediate the vulnerability.

In addition to helping customers ensure their applications are protected against this threat, Lucent Sky has been analyzing our products and services to understand where Apache Log4j may be used and is taking immediate action to remediate them. If we identify any customer impact, we will notify the impacted party.

Applying Log4j updates

This vulnerability affects all versions from 2.0-beta9 to 2.14.1. Anyone using Log4j should update to version 2.15.0 or later immediately. As with Log4j 2.13 or later, the update requires Java 8.

If the application cannot be updated and uses Log4j version 2.10 or later, you can mitigate this vulnerability by setting the system property log4j2.formatMsgNoLookups to true. If the application uses a Log4j version between 2.0-beta9 and 2.9.x, you can mitigate this vulnerability by removing the JndiLookup class from the class path.
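
The triage described above, as an added example (not Lucent Sky's code): it reads the version from a log4j-core jar file name, checks whether the jar still contains the JndiLookup class, and returns the action this post gives for that version range. The function names and the in-memory sample jars are constructed for illustration.

```python
import io
import re
import zipfile

# Path of the class inside log4j-core (the class the post says to remove).
JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
NAME_RE = re.compile(r"log4j-core-(\d+)\.(\d+)(?:\.(\d+))?(?:-(alpha|beta|rc)(\d+))?\.jar$")
QUAL = {"alpha": 0, "beta": 1, "rc": 2, None: 3}  # a release sorts after its pre-releases

def parse_version(jar_name):
    """Sortable tuple for e.g. log4j-core-2.0-beta9.jar, or None if no match."""
    m = NAME_RE.search(jar_name)
    if not m:
        return None
    major, minor, patch, qual, qnum = m.groups()
    return (int(major), int(minor), int(patch or 0), QUAL[qual], int(qnum or 0))

def has_jndi_lookup(jar_bytes):
    """True if the jar (a zip archive) still contains JndiLookup.class."""
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        return JNDI_CLASS in jar.namelist()

def advise(jar_name, jar_bytes):
    """Map one jar to the action the post gives for its version range."""
    v = parse_version(jar_name)
    if v is None:
        return "unknown version: inspect manually"
    if v < (2, 0, 0, QUAL["beta"], 9) or v >= (2, 15, 0, QUAL[None], 0):
        return "outside 2.0-beta9 to 2.14.1"
    if not has_jndi_lookup(jar_bytes):
        return "JndiLookup removed; still plan the update to 2.15.0 or later"
    if v >= (2, 10, 0, 0, 0):
        return "update to 2.15.0 or later, or set log4j2.formatMsgNoLookups=true"
    return "update to 2.15.0 or later, or remove JndiLookup from the class path"

def make_jar(with_jndi):
    """Constructed stand-in for a jar: a zip with or without JndiLookup.class."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        jar.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
        if with_jndi:
            jar.writestr(JNDI_CLASS, b"")
    return buf.getvalue()

if __name__ == "__main__":
    for name, jndi in [("log4j-core-2.14.1.jar", True), ("log4j-core-2.8.2.jar", True),
                       ("log4j-core-2.8.2.jar", False), ("log4j-core-2.15.0.jar", True)]:
        print(name, "->", advise(name, make_jar(jndi)))
```

This check relies on the jar file name, so copies of Log4j that were renamed or bundled inside another archive are reported as unknown or not seen at all.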

Updating Lucent Sky products

We have updated the dependency analysis rules for Lucent Sky AVM to identify CVE-2021-44228 and provide dependency update guidance.

If you are using Lucent Sky AVM On-Demand or managed instances, the dependency analysis rules have been updated to identify CVE-2021-44228 and provide dependency update guidance. For customers managing their own instances, our support team or partners will reach out to you to update them.

Lucent Sky AVM version 2109 MR released
October 04, 2021

Welcome to Lucent Sky AVM version 2109 MR, the third Minor Release for 2021. This release brings support for Go applications, binary analysis for JSP in Maven applications, and improvements to analysis engines. The Web UI receives usability improvements and includes an offline version of Lucent Sky Docs, giving those back in the office (and without a functioning Internet connection) easier access to product documentation. To learn more about this release, visit Lucent Sky AVM version 2109 release notes.

Lucent Sky AVM version 2106 MR released
June 28, 2021

Welcome to Lucent Sky AVM version 2106 MR, the second Minor Release for 2021. Performance is the primary focus of this release, and it comes with faster language parsing, a more scalable I/O subsystem, and performance improvements to eight analysis engines. This release also brings native Gradle support and improved support for Maven applications. In 2106 MR, the CLI also gets "autopilot", a feature that takes the guesswork out of setting up applications for analysis. To learn more about this release, visit Lucent Sky AVM version 2106 release notes (https://docs.lucentsky.com/en/avm/release-notes/2106).

Lucent Sky AVM version 2103 MR released
April 22, 2021

Welcome to Lucent Sky AVM version 2103 MR, the first Minor Release for 2021. This release enables developers and engineers to better tackle software supply chain attacks, as well as to take advantage of the “configuration as code” trend to integrate security testing and vulnerability remediation with their codebase. It also brings new analysis engines and major enhancements to the remediation algorithms. To learn more about this release, visit Lucent Sky AVM version 2103 release notes.

Lucent Sky AVM version 2009 SU1 released
January 08, 2021

Welcome to Lucent Sky AVM version 2009 SU1, the first Service Update for 2009 MR. In addition to bug fixes, this Service Update also includes minor improvements to analysis engines and better remediation support for imported SAST scans. To learn more about this release, visit Lucent Sky AVM version 2009 release notes.
