Version 220.127.116.11 Release Notes
The Version 18.104.22.168 release includes the fix for Apache Log4j2 vulnerability. There are no new features, changed features, fixed features, or known limitations in this release.
This release addresses the exposure to the Apache Log4j CVE-2021-45105, CVE-2021-45046, and CVE-2021-44228 vulnerabilities.
For the Log4j2 vulnerability, as an additional, in-depth defense measure, Version 22.214.171.124 includes the parameter (-Dlog4j2.formatMsgNoLookups=true) for all the applicable Windows services. There will be no impact to Control Room 11.3.2.x users who have already implemented this parameter change. For additional information on the parameter change, see Automation Anywhere Enterprise 11.x | Update regarding CVE-2021-44228 related to 0-day in the Apache Log4j2 Java library (A-People login required).
Review the disclaimer document included in the Version 126.96.36.199 build for more information.
|You cannot directly install the Version 188.8.131.52 patch over the Version 184.108.40.206 or Version 220.127.116.11 patches. If you try
to apply this patch, a warning message appears and you cannot
install the Version 18.104.22.168 patch over Version 22.214.171.124 or Version 126.96.36.199 patch. You must first
uninstall your current patch and then install the Version 188.8.131.52 patch.
If you are using the Version 11.3.2 base version, you can directly apply the Version 184.108.40.206 patch.