New and Changed Features in Version 2021.10.3

Log4j Update

The Apache Log4j 2 Java library has been updated to 2.17.0 to address the critical CVE-2021-45046 and CVE-2021-45105 vulnerabilities.

Logstash Update

The Logstash image used in Black Duck has been upgraded to 7.16.2 which uses Log4j2 version 2.17.0.

Container versions

• blackducksoftware/blackduck-postgres:9.6-1.4

• blackducksoftware/blackduck-authentication:2021.10.3

• blackducksoftware/blackduck-webapp:2021.10.3

• blackducksoftware/blackduck-scan:2021.10.3

• blackducksoftware/blackduck-jobrunner:2021.10.3

• blackducksoftware/blackduck-cfssl:1.0.4

• blackducksoftware/blackduck-logstash:1.0.15

• blackducksoftware/blackduck-registration:2021.10.3

• blackducksoftware/blackduck-nginx:2.0.9

• blackducksoftware/blackduck-documentation:2021.10.3

• blackducksoftware/blackduck-upload-cache:1.0.19

• blackducksoftware/blackduck-redis:2021.10.3

• blackducksoftware/blackduck-bomengine:2021.10.3

• blackducksoftware/blackduck-matchengine:2021.10.3

• blackducksoftware/blackduck-webui:2021.10.3

• blackducksoftware/bdba-worker:2021.9.2

• blackducksoftware/rabbitmq:1.2.5