Version 11.3.4.6 Release Notes
- Dernière mise à jour2022/12/29
Version 11.3.4.6 Release Notes
Review the security fix for Apache Log4j2 vulnerability in Version 11.3.4.6 for Control Room. There are no new features, changed features, or known limitations in this release.
Security fix
This release addresses the exposure to the Apache Log4j CVE-2021-45105, CVE-2021-45046, and CVE-2021-44228 vulnerabilities.
For the Log4j2 vulnerability, as an additional, in-depth defense measure, Version 11.3.4.6 includes the parameter (-Dlog4j2.formatMsgNoLookups=true) for all the applicable Windows services. There will be no impact to Control Room 11.3.4.x users who have already implemented this parameter change. For additional information on the parameter change, see Automation Anywhere Enterprise 11.x | Update regarding CVE-2021-44228 related to 0-day in the Apache Log4j2 Java library (A-People login required).
For more information, see FAQs related to Automation Anywhere Releases regarding zero-day vulnerabilities (CVE-2021-44228, CVE-2021-45046) (A-People login required).
Review the disclaimer document included in the Version 11.3.4.6 build for more information.