In December the world was greeted with a brand new, very high level security vulnerability. The widely used Apache Log4j library was discovered to have a number of security issues. These can all be read about on Apache’s own logging services site.
While the investigation into the CVEs were taking place, we took corrective action for our Identity Cloud customers. We also advised all of our Identity Platform customers how to best mitigate the ongoing threat. These recommendations are still valid for all currently supported versions of the Identity Platform.
Now that the attack vectors have been corrected by the Apache logging community, we have updated our latest SSO with those corrections available in Log4j2 version 2.17.1. Please find SSO 8.9.2 from our downloads page. The mitigation measures you have already applied can remain in place even when upgrading to this SSO 8.9.2
As with all software, Ubisecure would like to encourage you to upgrade your Identity Platform in a timely manner. Please contact your Integration Partner or Ubisecure Account Representative with any questions. Ubisecure encourages all customers to review and schedule service upgrade to this latest release. Bringing system flexibility, security and new features to ensure the best user experience possible for your businesses is our goal.