IQ Bot Version 184.108.40.206 Release Notes
The Version 220.127.116.11 release includes the fix for Apache Log4j2 vulnerability. There are no new features, changed features, fixed features, or known limitations in this release.
This release addresses the exposure to the Apache Log4j CVE-2021-45105, CVE-2021-45046, CVE-2021-44228, and CVE-2021-44832 vulnerabilities.
For the Log4j2 vulnerability, as an additional, in-depth defense measure, IQ Bot Version 18.104.22.168 includes the parameter (-Dlog4j2.formatMsgNoLookups=true) for all the applicable Windows services. There will be no impact to IQ Bot 11.3.5.x users who have already implemented this parameter change.
IQ Bot Version 22.214.171.124 is compatible with the latest Control Room 11.3.5.x version, which addresses the exposure to the Apache Log4j. Additionally, this IQ Bot version is also compatible with all the Control Room versions that were compatible with Version 126.96.36.199.
For additional information on the parameter change, see Automation Anywhere Enterprise 11.x | Update regarding CVE-2021-44228 related to 0-day in the Apache Log4j2 Java library (A-People login required).
Review the disclaimer document included in the IQ Bot Version 188.8.131.52 build for more information.