Maintenance releases available today: 14.7.2, 13.4.13, 12.6.22

PCentgraf · December 15, 2021, 4:56pm

Fellow developers,

Bloomreach is pleased to announce new maintenance releases for all currently maintained versions of Bloomreach Experience Manager: 14.7.2, 13.4.13, 12.6.22.

These releases focus on updates to address the recently-disclosed log4shell vulnerabilities. As usual, we recommend updating to the latest maintenance release for your major version ASAP. Detailed information about dependency version changes are now listed on the release notes for each version, so please check for any specific updates that might affect your projects.

Note that we’ve accelerated our usual schedule for the community release of 14.7, so the features of this minor release are also available to the community for the first time this week. Dependency changes for the 14.7.0 release are somewhat more extensive than for the 14.7.2 release specifically.

Release notes are linked from the usual place:

You can find detailed security-related content below. Note the list of disclosures linked at the bottom of the page.

Both the enterprise and community release artifacts are now available in the Bloomreach Maven repository. Community source code for these versions have also been published to GitHub today. Thanks for your contributions to our community!

Peter Centgraf
Manager, Bloomreach Content Pulsar Team

Jaideep-Infy · January 3, 2022, 2:01pm

Hi,

Do you know where I can find the updated jar files for 13.4.14 so that the log4j vulnerability issue is resolved?

jeroen.hoffman · January 5, 2022, 8:45am

Hi,
We release the public artifacts to https://maven.onehippo.com/maven2/ and the Enterprise-licensed artifacts to https://maven.onehippo.com/maven2-enterprise/

HTH
Jeroen

Jaideep-Infy · January 6, 2022, 6:55am

Hi Jeroen,

I could not find the latest jar files in these links for v13.4.14, specifically I was looking for jar files like hippo-cms7-commons-2.2.0, hippo-repository-builtin-3.2.7, hippo-services-autoreload-2.2.0, jcl-over-slf4j-1.7.6, log4j-1.2.17, slf4j-log4j12-1.7.6, slf4j-api-1.7.6, hippo-services-2.2.1, hippo-repository-api-3.2.7. Can you help me these?
We just want to update our log4j version to v2.17

jeroen.hoffman · January 6, 2022, 9:31am

The mentioned artifacts are in the same places, e.g. at
https://maven.onehippo.com/maven2/org/onehippo/cms7/hippo-cms7-commons/2.2.0/

Bumping your project to 13.4.14 should pull in all the necessary jars if you have set up your Maven correctly. Normally you don’t need to look for the dependencies specifically.

Also, for 13.4.14, the correct hippo-cms7-commons artifact is also version 13.4.14.jar so I’m thinking you have a dependency situation. Please look into your dependency tree to figure out where these are coming from.

Regards, Jeroen

Jaideep-Infy · January 6, 2022, 9:47am

Thanks Jeroen

Topic	Replies	Views
Maintenance releases available today: 14.7.3, 13.4.14, 12.6.23 Experience Manager (PaaS/OnPrem)	361	December 20, 2021
Maintenance releases available today: 14.6.2, 13.4.10, 12.6.18 Experience Manager (PaaS/OnPrem)	301	September 23, 2021
Community maintenance releases: 15.1.1, 14.7.9, 13.4.19 Experience Manager (PaaS/OnPrem)	237	October 6, 2022
brXM 15.1.0 minor release + 14.7.8 and 13.4.18 maintenance releases Experience Manager (PaaS/OnPrem)	463	July 1, 2022
Experience Manager 15.1.2, 14.7.10, and 13.4.20 Release Experience Manager (PaaS/OnPrem)	216	October 17, 2022

Maintenance releases available today: 14.7.2, 13.4.13, 12.6.22

Related Topics