Welcome Guest! Log in
Stambia versions 2.x, 3.x, S17, S18, S19 and S20 are reaching End of Support January, 15th, 2024. Please consider upgrading to the supported Semarchy xDI versions. See Global Policy Support and the Semarchy Documentation.

The Stambia User Community is moving to Semarchy! All the applicable resources have already been moved or are currently being moved to their new location. Read more…

20161946 hiweb

Welcome to the Stambia Community!

Are you a new user of Stambia? Do you need some help? Do you want to share something with the community?
In any case you are in the right place!

Here you will find the latest releases of your products. You can also browse the documentation providing different articles and the how-tos that will help you unleash the full potential of Stambia DI.

As a new user, first have a look at the Getting Started sections in order to be ready to use Stambia DI for the first time.

Latest News


The Semarchy engineering team is monitoring - as part of the build & quality processes - Common Vulnerabilities and Exposures (CVEs) that impact libraries or third-party components shipped in the Semarchy/Stambia products.

Multiple vulnerabilities affecting the Log4J2 (Log4J version 2) library, commonly used in applications for logging services, have been reported under the CVE-2021-44228, CVE-2021-45105, CVE-2021-44832, and CVE-2021-45046 references.

Multiple vulnerabilities affecting the Log4J1 (Log4J version 1) library, commonly used in applications for logging services, have been reported under the CVE-2019-17571, CVE-2020-9488, CVE-2022-23302, CVE-2022-23305, and CVE-2022-23307 references.

 

The impact for each product is summarized below.

  • Designer
    • The Designer does not use Log4J for logging purposes. It is therefore not affected by the reported vulnerabilities.
  • Analytics
    • Analytics does not use Log4J2 (Log4J version 2). It is not affected by the Log4J2 (Log4J version 2) vulnerabilities.
    • Analytics uses the previous version of that library, Log4J1 (Log4J Version 1), which has other reported vulnerabilities. However, Analytics is not affected by these vulnerabilities.
  • Runtime
    • The Runtime does not use Log4J2 (Log4J version 2). It is not affected by the Log4J2 (Log4J version 2) vulnerabilities.
    • The Runtime uses the previous version of that library, Log4J1 (Log4J Version 1), which has other reported vulnerabilities that can be easily identified and mitigated.
  • Components
    • The only component shipping Log4J2 (Log4J version 2) is the ElasticSearch component, which is not affected by the CVEs (it is a transitive dependency not exposed to end-users).
      Although not affected, the ElasticSearch component has been upgraded in the Component Pack version 3.0.0 to use the Log4J2 (Log4J version 2) 2.16.0 version, which includes the fixes to CVE-2021-44228 and CVE-2021-45046.
      Although not affected, the ElasticSearch component will be upgraded in the next Component Pack minor version 3.1.0 to use the Log4J2 (Log4J version 2) 2.17.1 version, which includes the fix to CVE-2021-45105 and CVE-2021-44832. The product team is also considering backporting the change in a 3.0.x version.
  • License Server
    • The License Server product includes solely the API of the Apache Log4J2 library and not the implementations. It is therefore not affected by the vulnerabilities.
      Although not affected, the License Server has been upgraded in version 5.3.0 to use the Log4J2 (Log4J version 2) 2.16.0 version, which includes the fixes to CVE-2021-44228 and CVE-2021-45046.
      Although not affected, the License Server will be upgraded in the next minor version 5.4.0 to use the Log4J2 (Log4J version 2) 2.17.1 version, which includes the fix to CVE-2021-45105 and CVE-2021-44832. The product team is also considering backporting the change in a 5.3.x version.

 

The attached Security Notice provides detailed information for all the reported vulnerabilities.

Do not hesitate to contact our support team if you have additional questions or need further clarifications.

  • Getting Started

  • 1
  • Download

  • Documentation

  • Support

  • Forum

  • 1