/engage/b/sugar-news/posts/sugarcrm-information-regarding-log4j-vulnerabilityLike many software companies around the world, SugarCRM recently became aware of a critical vulnerability in the Log4j software developed by Apache Software Foundation, which is generally used in web server applications. The zero-day attack exploitinen-USTelligent Community 12https://sugarclub.sugarcrm.com/engage/b/sugar-news/posts/sugarcrm-information-regarding-log4j-vulnerabilityThu, 20 Jan 2022 17:45:53 GMT5c521d64-519d-47a6-9065-134618b211bf:f6f1423e-cf79-449a-aa02-b50be00ccaa9Nathan Romine0<p>Several software components inside of the SugarCRM cloud platform were vulnerable to the log4j vulnerability, however, no client or public facing systems were vulnerable. To be clear, the SugarCRM platform did NOT have any publicly facing infrastructure that was vulnerable, and immediate and continuous monitoring of the environment has shown no attempts or compromises of previously vulnerable software components.</p> <p>All known configurations, patches, and remediations were in place by December 13th, and all continuously released log4j patches or remediations are tested and put in place as they become available from 3rd parties.</p><img src="https://sugarclub.sugarcrm.com/aggbug?PostID=2307&AppID=12&AppType=Weblog&ContentType=0" width="1" height="1">https://sugarclub.sugarcrm.com/engage/b/sugar-news/posts/sugarcrm-information-regarding-log4j-vulnerabilityThu, 30 Dec 2021 08:13:02 GMT5c521d64-519d-47a6-9065-134618b211bf:f6f1423e-cf79-449a-aa02-b50be00ccaa9Saad Azad1<p>Hi<span>&nbsp;</span>Nathan,</p> <p>There are further Apache Log4j Vulnerability tracked as (CVE-2021-44832) and the patches released earlier were found to be insufficient. Do you have any update on the same?<br /><br />Thanks</p><img src="https://sugarclub.sugarcrm.com/aggbug?PostID=2307&AppID=12&AppType=Weblog&ContentType=0" width="1" height="1">https://sugarclub.sugarcrm.com/engage/b/sugar-news/posts/sugarcrm-information-regarding-log4j-vulnerabilityThu, 23 Dec 2021 05:23:13 GMT5c521d64-519d-47a6-9065-134618b211bf:f6f1423e-cf79-449a-aa02-b50be00ccaa9Manish kumar1<p>He Team,</p> <p></p> <p>We are Using SugarCRM 9.XX EP is this worried for Us ? Or any update or action required ?</p><img src="https://sugarclub.sugarcrm.com/aggbug?PostID=2307&AppID=12&AppType=Weblog&ContentType=0" width="1" height="1">https://sugarclub.sugarcrm.com/engage/b/sugar-news/posts/sugarcrm-information-regarding-log4j-vulnerabilityFri, 17 Dec 2021 19:27:12 GMT5c521d64-519d-47a6-9065-134618b211bf:f6f1423e-cf79-449a-aa02-b50be00ccaa9Ken McCartney1<p>According to documentation on supported platforms, version 11 of sugarcrm only supports elasticsearch version 7.9&nbsp;<a href="https://support.sugarcrm.com/Resources/Supported_Platforms/">https://support.sugarcrm.com/Resources/Supported_Platforms/</a>.</p> <p>Will sugarcrm v11 function with elasticsearch v7.16.1 ?</p> <p>Thanks.</p><img src="https://sugarclub.sugarcrm.com/aggbug?PostID=2307&AppID=12&AppType=Weblog&ContentType=0" width="1" height="1">