Version 18.104.22.168 Release Notes
The Version 22.214.171.124 release includes the fix for Apache Log4j2 vulnerability and Control Room known limitations. There are no new features, changed features, or fixed features in this release.
The Control Room Version 126.96.36.199 has two different installers depending on your base version. See Enterprise 11 upgrade considerations.
When installing Version 188.8.131.52 (installed on the base Version 184.108.40.206) Enterprise Control Room patch, you need to select the Restart option to restart the machine to successfully complete the patch installation.
This release addresses the exposure to the Apache Log4j CVE-2021-45105, CVE-2021-45046, and CVE-2021-44228 vulnerabilities.
For the Log4j2 vulnerability, as an additional, in-depth defense measure, Version 220.127.116.11 includes the parameter (-Dlog4j2.formatMsgNoLookups=true) for all the applicable Windows services. There will be no impact to Control Room 11.3.1.x users who have already implemented this parameter change. For additional information on the parameter change, see Automation Anywhere Enterprise 11.x | Update regarding CVE-2021-44228 related to 0-day in the Apache Log4j2 Java library (A-People login required).
Review the disclaimer document included in the Version 18.104.22.168 build for more information.