2.7.0 Release

@Tara-Wij Tara-Wij released this 13 Dec 00:21

GovCMS 2.7.0 Release Notes

Advice

Over the weekend (11 December), a zero-day exploit (Log4Shell) was discovered in the popular Java logging library log4j. Logging a certain string results in Remote Code Execution (RCE). See https://www.lunasec.io/docs/blog/log4j-zero-day/ and GHSA-jfh8-c2jp-5v3q for more background.

GovCMS is currently prioritising this zero-day CVE (see CVE-2021-44228, https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228). An urgent hotfix has been applied to temporarily mitigate the issue across the platform until the D9 deployment tomorrow. There is no further action for D9 SaaS projects.

D9 PaaS customers will need to patch their projects ASAP. If you use the GovCMS base images, you will need to redeploy your projects for the change to take effect. If you don’t use the GovCMS base images, you will need to take action to patch SOLR7 in your project as it pertains to your codebase.

Actions

  • ❗ Important notice for SaaS customers with configuration management enabled
    Once the deployment is completed, you will need to export the new configuration files and commit them back to master. Deployments to all websites should be completed by 12pm Thursday 16 December 2021; you can confirm this at https://status.govcms.support/.

  • D9 PaaS customers will need to patch their projects ASAP
    If you use the GovCMS D9 distribution:
      • If you have any projects running on Solr 7 or above, there is a temporary mitigation in place for existing environments, but you should upgrade to the https://github.com/uselagoon/lagoon-images/releases/tag/21.12.0 base images as soon as practical (so newly created environments receive protection).
      • You should prioritise this update to your distribution. Updated files were released on Monday 13 December 2021 and are available from https://github.com/govCMS/GovCMS/releases/tag/2.7.0

  • If you don’t use the GovCMS D9 distribution:
      • If you have any projects running on Solr 7 or above, immediately apply the SOLR7 patch as it pertains to your codebase.

Release Information

  • Distribution was updated on Monday 13 December 2021
  • Deployments are scheduled to commence on Tuesday 14 December 2021
  • Deployments will be conducted throughout the daytime and into the evening.
  • No modules have been added/removed from the distribution
  • No outages are expected to websites during the deployment process.
  • The D9 distribution will continue to be supported after this update.

Module Update

More information

If you have any concerns, raise a ticket at https://www.govcms.support. Alternatively, subscribe to https://status.govcms.support/ for information on updates to the GovCMS platform.