[
Date Prev][
Date Next][
Thread Prev][
Thread Next][
Date Index][
Thread Index]
[
List Home]
[sumo-announce] SUMO 1.11.0 update released (log4j vulnerability)
|
Dear friends and users,
although only a small part of the SUMO universe is running with Java,
we are not entirely unaffected by the most recent events. Good news
first: If you are not using lisum-gui
(https://sumo.dlr.de/docs/Tools/LiSuM.html) or not even know what it is
you can stop reading now.
For all the others:
Please note that due to the log4j vulnerability
(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228) the
lisum-gui.jar in the distribution 1.11.0 has been replaced. Until today
it contained a vulnerable version of the library. All other files are as
in the original release. So if you are a lisum-gui user please download
and install the release again. You can also download an updated
lisum-gui.jar directly: https://sumo.dlr.de/daily/lisum-gui.jar. Please
note that no other part of SUMO (not even lisum-core.jar) is affected
and also our web server https://sumo.dlr.de is not running Java code.
(Older releases however still contain the vulnerable code in
lisum-gui.jar and will not be replaced.)
So now enjoy your holidays if there are any ahead of you and keep
simulating!
Best regards,
Michael (for the SUMO team)
Am 23.11.21 um 09:17 schrieb Jakob Erdmann:
> Dear friends and users,
> we are happy to announce the release of SUMO version 1.11.0.
> The download links are at https://sumo.dlr.de/docs/Downloads.html
> <https://sumo.dlr.de/docs/Downloads.html>
>
> Have fun with the new release,
> Angelo, Laura, Pablo, Jakob, Robert, Melanie, Johannes, Matthias,
> Michael and Yun-Pang.
>
> _______________________________________________
> sumo-announce mailing list
> sumo-announce@xxxxxxxxxxx
> To unsubscribe from this list, visit https://www.eclipse.org/mailman/listinfo/sumo-announce
>