Tag

log4j Archives - Holodeck B2B

Holodeck B2B 5.3.1

By | News | No Comments

This release fixes the Log4J vulnerability.

Some notable new features:
– You now have the possibility to use message properties in P-Mode matching. This is useful on for example the “finalRecipient” property used in the  EPREL and EUDAMED networks.
– Worker pool management by the core, including ‘on the fly’ reconfiguration.
– Improved logging.
– Receiving of messages with over 30 signed attachments is now possible.
– A new message processing state was added to the options in the API for outgoing messages that encounter an internal error. These can now be processed again without having to be resubmitted by the back end.
– Support for Apache Commons Daemon, which adds another option for running Holodeck B2B as a Windows service.

Important fixes in this version are:
– an upgrade to Log4J 2.15.0 to fix the Log4Shell vulnerability.
– Improved support for a 2-Way Message Exchange Pattern: Push & Push.

For a full overview of all changes, please consult the Changelog in the download.

Patching the Log4J vulnerability

By | News | No Comments

Holodeck B2B uses Apache Log4J for logging, which means gateways are potentially vulnerable to the Log4Shell exploit.

Please patch your Holodeck B2B gateway following the steps below to update Log4J as soon as possible. You can also upgrade your gateway to version 5.3.1.

Installing this Log4J update will require stopping and restarting your gateway. Please read through all steps of the process beforehand.

1. Download the most recent Log4J 2 release from the official project website: https://logging.apache.org/log4j/2.x/download.html and extract it
2. Go to the lib directory of the Holodeck B2B installation.
3. In the lib directory, locate all files where the name starts with ‘log4j-*’ and find the file with the same name in the downloaded archive. The downloaded archive will contain more files than needed. You only need the files with the same names as those that are in the lib folder.
4. Create a temporary folder on your machine and copy these files from the downloaded archive to this folder.
5. Stop Holodeck B2B
6. Replace the old files in the Holodeck B2B lib directory with the downloaded files from your temporary folder
7. Restart Holodeck B2B