here's some fancy news from DEV!
I also want to thank all the involved players for this fantastic teamwork!Dear xServer Stakeholders,
As announced the PTV xServer 1.34.0.2 is now available fixing the critical vulnerability in the Apache Log4j logging framework. We integrated the security update Log4j 2.15.0, but there are two things to note:The on-premise solution can be found here:
- Both the PTV xServer 1.34.0.2 and 2.25.1 now include Log4j 2.15.0. Unfortunately, there are further security risks in this version found, probably on a lower level. Log4j 2.16.0 is already available and we release PTV xServer 1 and 2 again in the next days with this update. Anyway, we recommend to use the just released PTV xServer versions as the “big” security risk is fixed with them. Sorry for the inconvenience, but the situation is very dynamic (like a pandemic).
- Some PTV xServer 1.34 versions end with “.1” (xCluster, xLoad and xMapmatch). This is due to the fact that there was no bugfix release necessary for them last time. Of course, these new versions also include Log4j 2.15.0.
- Developer Zone (login required)
The cloud solution PTV xServer internet using PTV xServer 1.34 is already patched.
And again a big thank you to all involved colleagues for your target-oriented mode in this situation, just wonderful!!!
Regards, your transportation services teams
Bernd