Patching the log4J libraries in Gluu software

Gluu’s products are primarily Java based software. Not surprisingly, we use log4J. Like most software vendors, we have been responding and updating our software to address the issue described on the website.

Once we publish the software update, we’ll continue researching the exploit to better understand the risk.

For now, we are assisting supported customers to patch their deployments. The patch is a script that will update libraries for an in-place deployment. Subsequent releases will include the updated log4j library. Community support users may open a support ticket, and the Gluu team will be in touch with instructions on how to get early access to the patch when available. The quickest fix for community users is to upgrade to version 4.3.1 now available!

Gluu 4.3.1 is a maintenance release of our stable distribution. All components include updates to the log4j library (now version 2.17).

Other enhancements include:

  • *Update to RestEasy 4
  • *Enhance Casa login page and its derivations when the browser saves credentials
  • *passport_saml and passport_social produces script error after reloading script
  • *oxTrust password reset (deprecated) but now fixes a bug in the redirect after a success
  • *saml-passport upgraded to version 3.1.2

Need help with your Community Edition Gluu upgrade?