Fellow developers,
Bloomreach is pleased to announce new maintenance releases for all currently maintained versions of Bloomreach Experience Manager: 14.7.3, 13.4.14, 12.6.23.
This maintenance release includes updates to address the recently disclosed log4j vulnerability. brXM is not configured in such a way to be vulnerable by default, but customers that have customized log4j config to include a ‘ctx’ pattern may be. For full details of changes, please see the release notes.
https://documentation.bloomreach.com/14/about/release-notes/release-notes-overview.html
Only a single security disclosure is relevant to these releases:
Both the enterprise and community release artifacts are now available in the Bloomreach Maven repository. Community source code for these versions have also been published to GitHub today. Thanks for your contributions to our community!
Peter Centgraf
Manager, Bloomreach Content Pulsar Team