The Apache Directory Project announces a new release of Fortress. This emergency release includes an upgrade to the latest Log4j library, v2.15.0. This is our response to CVE-2021-44228.
It also includes dependency upgrades for Web and Rest deployments to be up-to-date per the latest OWASP vulnerability scans and a couple of other bug fixes. If using Apache Fortress in any of your deployments, it is high recommended moving to this release, or following the other mitigation procedures surrounding this CVE. Contact us on our mailing list if you have any questions. Apache Fortress provides a fine-grained authorization security system using Role-Based and Attribute-Based Access Control semantics. It’s built to scale to many thousands of requests per second using a fault-tolerant LDAP backend like OpenLDAP or Apache Directory Server. Downloading Apache Fortress 2.0.7: • http://directory.apache.org/fortress/downloads.html The 2.0.7 Release notes with complete list: • https://issues.apache.org/jira/projects/FC/versions/12350941 To learn more: • https://directory.apache.org/fortress/ Follow us on twitter: • @apache_fortress Join our mailing list: • fortress-subscr...@directory.apache.org — Shawn