Upgrade to Camnuda 7.14.16

Camunda 7 Topics Discussion & Questions
1

We are currently basing the tomcat Camunda bpm platform version 7.14.0 through docker and we want to upgrade due to the whole Log4j vulnerability.

In the security notification page, the recommended version to use is 7.14.16.

However

  • There is no docker image published for that version
  • There is no release for that version in your nexus
  • There is no branch/tag for that version in the camunda-bpm-platform so that I can build my own dist

Can anyone guide me how I am to get hold of that version?

Best Regards

/Jesper Sigården

2

Hi @jopperknopper,

7.14.16 is only available for enterprise customers.

Have a look at this thread for a solution: Apache Log4j2 Remote Code Execution (RCE) Vulnerability - CVE-2021-44228 - #7 by tasso94

Hope this helps, Ingo

3

Oh, I see!

Thank you for the straight up answer, I’ll wait for a stable 4.17.0 release then.

/Jesper

4