Update
CVE-2021-44228 was a very serious problem end of 2021, and we are still finding new occurrences, or security teams scan servers and find vulnerable log4j files. Don’t get me wrong most of these occurrences are not vulnerable any more, because the JVM is hardened like in the Elasticsearch 7 containers, or they use of the JVM parameter -Dlog4j2.formatMsgNoLookups=true
.
Today IBM released CR1 on IBM Fixcentral. CR1 is a set of 17 cumulative fixes and enable Mobile Admin (didn’t verified this, hope it will be there) too.
Links for all CR1 Downloads (Multi OS Fixes)
Fix list for IBM Connections 4.0 CR1 – Very long, seems to fix a lot
IBM Connections 4.0 CR1 Post-install Deployment Configuration Steps
Update strategy for IBM Connections 4.0
Cross-product relationship information
You have to download 18 packages, because a new update installer is mandatory!
Last Update: Read in about 1 min