Dear list members,
as written yesterday: ILIAS is not vulnerable to the current security
issue that is getting wide media coverage. But we have followed the
vendors recommendation and also the official BSI advisory and updated
the logging dependency in the ilServer to the newest available version.
The release manager and the product manager are already working on
preparing a special release out of the regular schedule and we are
confident to be able to announce that at very short notice. If you feel
you can't wait for the release to be bundled and tagged, you can already
update your installation using the "git pull" method as described in
https://docu.ilias.de/goto_docu_lm_367.html#minor-upgrade .
We always recommend to keep your ILIAS installations up-to-date. For
more detailed explanations don't hesitate to contact us.
Best regards,
The ILIAS Security Group
on behalf of the ILIAS e.V. and the Technical Board
Dear list members,
today we received several requests regarding CVE-2021-44228 (log4j -
0-day exploit).
According to our own analysis ILIAS and (more precisely) the ilServer is
most probably NOT affected by this vulnerabilty.
The java server uses the 1.x release of log4j, which seems to be NOT
impacted if(!) the configuration of the application does not(!) use JNDI
or JMS Appender, which is given for the ilServer.
Nevertheless the maintainer of the ilServer decided to upgrade the log4j
library to the recommended version 2.15.x in all maintained ILIAS
releases (still in progress).
We would like to also create awareness that other applications in your
infrastructure might be impacted by CVE-2021-44228.
We always recommend to keep your ILIAS installations up-to-date. For
more detailed explanations don't hesitate to contact us.
Best regards,
The ILIAS Security Group
on behalf of the ILIAS e.V. and the Technical Board
Mail auf Deutsch unten.
--------------------------
Dear colleagues,
we are looking for contributions to the next ILIAS Development Conference on 27 October 2021 (via BBB):
https://docu.ilias.de/goto_docu_sess_10499.html
You contribution may have length between 20 and 105 minutes, targeting developers, designers, concepters, administrators, project managers and/or users, teacher and tutors. If you feel uncomfortable to use english in your slot, we will be happy to have your slot in german.
Is there anything that you have created that you want to show to the community? Did you learn something that could help others? Do you have an idea you want to pitch? Please insert you proposal here:
https://docu.ilias.de/goto_docu_dcl_9035_198.html
If you have some idea for a contribution but struggle to elaborate it enough, feel free to contact me for help.
We are looking forward to receive your proposal!
Best regards
Und nochmal auf deutsch:
----------------------------
Liebe Kolleg*innen,
wir suchen nach Beiträgen für die nächste ILIAS Entwickungskonferenz am 27. Oktober 2021 auf BBB:
https://docu.ilias.de/goto_docu_sess_10499.html
Eure Beiträge können eine Länge zwischen 20 und 105 Minuten haben und sollen für Entwickler*innen, Designer*innen, Konzepter*innen, Administrator*innen, Projektmanager*innen und/oder Nutzer*innen, Lehrer*innen und Tutor*innen geeignet sein. Sollte sich jemand mit Englisch unwohl fühlen, freuen wir uns über einen Beitrag auf deutsch genauso.
Gibt es etwas, das ihr gebaut habt und der Community zeigen wollt? Habt ihr etwas gelernt, dass auch anderen helfen könnte? Habt ihr Ideen, die ihr vorstellen wollt? Bitte tragt euren Vorschlag hier ein:
https://docu.ilias.de/goto_docu_dcl_9035_198.html
Wenn ihr Ideen für einen Beitrag habt, aber noch Probleme bei der Ausarbeitung habt, meldet euch gerne bei mir.
Wir warten gespannt auf eure Vorschläge!
Beste Grüße!
--
Richard Klees
Lead Developer Qualifizierungsmanagement
Mobil: +49 (0)173 / 52 56 924
Fon: +49 (0)221 / 46 75 76 - 56
Fax: +49 (0)221 / 46 75 76 - 09
---------------------------------------------
CaT Concepts and Training GmbH
Vorgebirgstraße 338
50969 Köln
Fon: +49 (0) 221 / 46 75 76 - 00
Fax: +49 (0) 221 / 46 75 76 - 09
---------------------------------------------
Geschäftsführung:
Sven Kapust, Gerald Konrad, Alexandra Oehlke,
Sandra Röbbelen, Volker Röbbelen, Denis Witt
Amtsgericht Köln HRB 57804
Ust-ID-Nr.: DE 814694228
Sitz: Köln
---------------------------------------------