From a8fc4fe6ce5e82d44060b7e50c131eca8b502aff Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Tue, 14 Dec 2021 12:33:59 +0200 Subject: [PATCH] Mention log4j vulnerability affecting mautrix-signal Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1459 and https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1452 --- CHANGELOG.md | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 43af8dd1..a6d15b96 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,12 @@ +# 2021-12-14 + +## (Security) Users of the Signal bridge may wish to upgrade it to work around log4j vulnerability + +Recently, a security vulnerability affecting the Java logging package `log4j` [has been discovered](https://www.huntress.com/blog/rapid-response-critical-rce-vulnerability-is-affecting-java). Software that uses this Java package is potentially vulnerable. + +One such piece of software that is part of the playbook is the [mautrix-signal bridge](./docs/configuring-playbook-bridge-mautrix-signal.md), which [has been patched already](https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/1452). If you're running this bridge, you may wish to [upgrade](./docs/maintenance-upgrading-services.md). + + # 2021-11-11 ## Dropped support for Postgres v9.6