The Apache Directory Project announces a new release of Fortress.

This emergency release includes an upgrade to the latest Log4j library, 
v2.15.0. This is our response to CVE-2021-44228. 

It also includes dependency upgrades for Web and Rest deployments to be 
up-to-date per the latest OWASP vulnerability scans and a couple of other bug 

If using Apache Fortress in any of your deployments, it is high recommended 
moving to this release, or following the other mitigation procedures 
surrounding this CVE.

Contact us on our mailing list if you have any questions.

Apache Fortress provides a fine-grained authorization security system using 
Role-Based and Attribute-Based Access Control semantics.  It’s built to scale 
to many thousands of requests per second using a fault-tolerant LDAP backend 
like OpenLDAP or Apache Directory Server.

Downloading Apache Fortress 2.0.7:

The 2.0.7 Release notes with complete list:

To learn more: 

Follow us on twitter: 
• @apache_fortress

Join our mailing list:


Reply via email to