Dear list members,
as written yesterday: ILIAS is not vulnerable to the current security
issue that is getting wide media coverage. But we have followed the
vendors recommendation and also the official BSI advisory and updated
the logging dependency in the ilServer to the newest available version.
The release manager and the product manager are already working on
preparing a special release out of the regular schedule and we are
confident to be able to announce that at very short notice. If you feel
you can't wait for the release to be bundled and tagged, you can already
update your installation using the "git pull" method as described in
https://docu.ilias.de/goto_docu_lm_367.html#minor-upgrade .
We always recommend to keep your ILIAS installations up-to-date. For
more detailed explanations don't hesitate to contact us.
Best regards,
The ILIAS Security Group
on behalf of the ILIAS e.V. and the Technical Board