Changelog for Online Update no. 2506

Installation Software update

Bugfixes and features - released on 13.12.2021

  1. Update to patch level 2506
  2. On Friday, December 10, 2021, a critical zero-day vulnerability has been disclosed in a component (Log4J) that is also used in Intrexx (CVE-2021-44228, https://www.bsi.bund.de/SharedDocs/Cybersicherheitswarnungen/DE/2021/2021-549032-10F2.pdf?__blob=publicationFile&v=3).

    Intrexx versions 19.03 and higher are affected under certain circumstances.

    A reloading of malicious code as described in the CVE is not possible, but we believe that an extension of the previously known attack by skilled attackers could make it possible to exploit the vulnerability.

    Therefore we advise all our users to apply the latest updates. These updates fix the gap in the library (Log4J).