An updated installer for Spectrum (2021 R3 Build 419225) is available for On-Premise customers. 2021 R3 Build 419225 includes the latest updates to address the log4j issue:
Download: Spectrum 2021 R3 Build 419225
All On-Premise customers are strongly encouraged to install this patch as soon as possible. Once updated, the version which will display in the 'About' screen in Spectrum will be 'Version 2021 R3 - Build 419225'. Be sure to clear your browser cache after updating Spectrum and confirm the latest build number displays in the 'About' screen.
Note: after this update, the following log4j file will remain on the server:
log4j-core-2.5-nojndi.jar
Instead of replacing the log4j-core-2.5.jar file with the newly released version, we proceeded with the option of replacing/removing the associated code that was used as the attack vector for this version. While the file may potentially be flagged by scans, this identified finding is strongly mitigated from being exploited.
After installing 2021 R3 Build 419225, please download and apply these VPXs:
- January Hotfix Collection
- LCP Tracker (2021-12-17)
These are available in the Hot Fixes download folder for 2021 R3.