New and Changed Features in Version 2021.8.7

Log4j Update

The Apache Log4j 2 Java library has been updated to 2.17.0 to address the critical CVE-2021-45046 and CVE-2021-45105 vulnerabilities.

Logstash Update

The Logstash image used in Black Duck has been upgraded to 7.16.2 which uses Log4j2 version 2.17.0.

Container versions

• blackducksoftware/blackduck-postgres:9.6-1.1

• blackducksoftware/blackduck-authentication:2021.8.7

• blackducksoftware/blackduck-webapp:2021.8.7

• blackducksoftware/blackduck-scan:2021.8.7

• blackducksoftware/blackduck-jobrunner:2021.8.7

• blackducksoftware/blackduck-cfssl:1.0.3

• blackducksoftware/blackduck-logstash:1.0.15

• blackducksoftware/blackduck-registration:2021.8.7

• blackducksoftware/blackduck-nginx:2.0.6

• blackducksoftware/blackduck-documentation:2021.8.7

• blackducksoftware/blackduck-upload-cache:1.0.18

• blackducksoftware/blackduck-redis:2021.8.7

• blackducksoftware/blackduck-bomengine:2021.8.7

• blackducksoftware/blackduck-matchengine:2021.8.7

• blackducksoftware/blackduck-webui:2021.8.7

• blackducksoftware/bdba-worker:2021.7.0

• blackducksoftware/rabbitmq:1.2.3