Version Release Notes

The Version release includes the fix for Apache Log4j2 vulnerability. There are no new features, changed features, fixed features, or known limitations in this release.

Security fix

This release addresses the exposure to the Apache Log4j CVE-2021-45105, CVE-2021-45046, and CVE-2021-44228 vulnerabilities.

Important: We have updated Automation Anywhere Enterprise Version to include the fix for the Apache Log4j2 component vulnerability. The Apache Log4j2 library in this release is updated to version 2.17.0.

For the Log4j2 vulnerability, as an additional, in-depth defense measure, Version includes the parameter (-Dlog4j2.formatMsgNoLookups=true) for all the applicable Windows services. There will be no impact to Control Room 11.3.2.x users who have already implemented this parameter change. For additional information on the parameter change, see Automation Anywhere Enterprise 11.x | Update regarding CVE-2021-44228 related to 0-day in the Apache Log4j2 Java library (A-People login required).

For more information, see FAQs related to Automation Anywhere Releases regarding zero-day vulnerabilities (CVE-2021-44228, CVE-2021-45046) (A-People login required).

Review the disclaimer document included in the Version build for more information.

Known limitations

Control Room
You cannot directly install the Version patch over the Version or Version patches. If you try to apply this patch, a warning message appears and you cannot install the Version patch over Version or Version patch. You must first uninstall your current patch and then install the Version patch.

If you are using the Version 11.3.2 base version, you can directly apply the Version patch.

Upgrade considerations.