Fellow developers,
Bloomreach is pleased to announce new maintenance releases for all currently maintained versions of Bloomreach Experience Manager: 14.7.2, 13.4.13, 12.6.22.
These releases focus on updates to address the recently-disclosed log4shell vulnerabilities. As usual, we recommend updating to the latest maintenance release for your major version ASAP. Detailed information about dependency version changes are now listed on the release notes for each version, so please check for any specific updates that might affect your projects.
Note that we’ve accelerated our usual schedule for the community release of 14.7, so the features of this minor release are also available to the community for the first time this week. Dependency changes for the 14.7.0 release are somewhat more extensive than for the 14.7.2 release specifically.
Release notes are linked from the usual place:
You can find detailed security-related content below. Note the list of disclosures linked at the bottom of the page.
Both the enterprise and community release artifacts are now available in the Bloomreach Maven repository. Community source code for these versions have also been published to GitHub today. Thanks for your contributions to our community!
Peter Centgraf
Manager, Bloomreach Content Pulsar Team