GFI Software

Welcome to the GFI Software community forum! For support please open a ticket from https://support.gfi.com.

Home » GFI User Forums » Kerio Connect » Impact of Log4j vulnerability on GFI (CVE-2021-44228)
Re: Impact of Log4j vulnerability on GFI [message #150702 is a reply to message #150660] Wed, 22 December 2021 22:06 Go to previous messageGo to next message
McIrish is currently offline  McIrish
Messages: 252
Registered: October 2011
I'm sure glad I read this before installing the patch tonight. We don't use the chat feature anyway so I will leave this until there is a functioning update.
Re: Impact of Log4j vulnerability on GFI [message #150703 is a reply to message #150694] Wed, 22 December 2021 22:08 Go to previous messageGo to next message
guguss is currently offline  guguss
Messages: 12
Registered: October 2013
Location: France
same here
xmpp don't work
and full text research not working
Re: Impact of Log4j vulnerability on GFI [message #150714 is a reply to message #150703] Sat, 25 December 2021 17:04 Go to previous messageGo to next message
AndreasL is currently offline  AndreasL
Messages: 111
Registered: July 2008
Location: Germany
https://forums.gfi.com/index.php?t=msg&th=32735&star t=0&
on windows run a repair installation. It seems the update installation doesn't copy all needet files or corrupt access settings. A repair installation with maintain the config files solved it (for me).
Re: Impact of Log4j vulnerability on GFI [message #150723 is a reply to message #150699] Mon, 27 December 2021 15:25 Go to previous messageGo to next message
freakinvibe is currently offline  freakinvibe
Messages: 588
Registered: April 2004
As per

https://support.kerioconnect.gfi.com/hc/en-us/articles/44134 27057810

a repair fixed it for me. Full text search is working again. This is on Windows Server 2019.


Dexion Services AG - IT Support Services in Basel, Switzerland
https://dexionag.ch

[Updated on: Mon, 27 December 2021 15:27]

Report message to a moderator

Re: Impact of Log4j vulnerability on GFI [message #150725 is a reply to message #150660] Mon, 27 December 2021 22:53 Go to previous messageGo to next message
SebStar
Messages: 47
Registered: August 2015
Is there a solution for macOS installations?
Re: Impact of Log4j vulnerability on GFI [message #150731 is a reply to message #150725] Tue, 28 December 2021 18:26 Go to previous messageGo to next message
peopleXpert is currently offline  peopleXpert
Messages: 1
Registered: December 2021
We have the same issue with our MAC installation. Numerous error messages like IM external process is not responding or is not running, trying to start it again...
Stopping Kerio, deleting the xmpp folder at /usr/local/kerio/mailserver/store and restart Kerio did not help.
Re: Impact of Log4j vulnerability on GFI [message #150774 is a reply to message #150689] Wed, 05 January 2022 10:53 Go to previous messageGo to next message
PPG is currently offline  PPG
Messages: 163
Registered: February 2010
https://www.ftc.gov/news-events/blogs/techftc/2022/01/ftc-wa rns-companies-remediate-log4j-security-vulnerability

Will this help to upgrade the current used library v2.16.0 to v2.17.0?
Re: Impact of Log4j vulnerability on GFI [message #150836 is a reply to message #150774] Thu, 13 January 2022 15:02 Go to previous messageGo to next message
AndreasL is currently offline  AndreasL
Messages: 111
Registered: July 2008
Location: Germany
Connect V9.4 ist out and contain v2.17.0

We are pleased to announce the product release of Kerio Connect 9.4. This latest version introduces several key security enhancements, including:

• Two-factor authentication (2FA)
• "Let's Encrypt" auto-renewal integration
• Implementation of Log4j 2.17.0
• Added TLS options in GUI

Who will be the first one to try it? I still wait and watch Very Happy

Kind Regards
Andreas
Re: Impact of Log4j vulnerability on GFI [message #150843 is a reply to message #150836] Thu, 13 January 2022 19:47 Go to previous messageGo to next message
Macoperator is currently offline  Macoperator
Messages: 15
Registered: January 2014
Location: Germany
Kerio Connect 9.4 update was successfull, everything is up and running here (server machine: macOS 12.1)! Even the XMPP service is running as opposed to with the 9.3.1p2-update!

[Updated on: Thu, 13 January 2022 19:48]

Report message to a moderator

Re: Impact of Log4j vulnerability on GFI [message #150851 is a reply to message #150836] Fri, 14 January 2022 17:32 Go to previous message
Wilco is currently offline  Wilco
Messages: 99
Registered: July 2005
Location: The Netherlands
What about:
I read today that there is also a new vulnerability (CVE-2021-44832) found in Log4j 2.17.0 who makes it possible for remote code execution (RCE). There is already an update 2.17.1 available.

https://logging.apache.org/log4j/2.x/security.html


Kerio Connect 9.4.1 on Windows Server 2022 (Dutch)
Previous Topic: KC 9.4.1 2FA success stories?
Next Topic: Technical Support for KerioConnect
Goto Forum:
  


Current Time: Thu Aug 11 22:46:29 CEST 2022

Total time taken to generate the page: 0.02886 seconds