Embold's response to Log4shell

Embold is affected by the widely discussed log4shell (CVE-2021-44228) security vulnerability.

Embold for Cloud Customers
We plan to release new versions of Embold cloud V1 and V2 containing a fixed version of the affected log4j2 library today.

Embold for On-premise Customers

On-premise customers using Embold on internal networks are at very low risk: the only exposure is an attempted breach by someone inside the network. We plan to release new versions of Embold cloud containing a fixed version of the affected log4j2 library today, and to make the same fix available to on-premise customers with the next release (1.9.4.0). We will keep you updated so that you can upgrade as soon as it becomes available.

Until that release is available, as a precautionary measure, we recommend making the following changes to your deployment, as suggested by Apache: [https://logging.apache.org/log4j/2.x/security.html](https://logging.apache.org/log4j/2.x/security.html)

Steps for Embold On-Premises docker deployment:

  1. Ensure that no scans are in progress.
  2. Stop and remove the running embold docker container.
  3. Add the following parameter to the existing docker run command:
    -e LOG4J_FORMAT_MSG_NO_LOOKUPS=true
  4. Run the docker command with the above parameter added.

Steps for Embold On-Premises Windows deployment using Embold installer:

  1. Ensure that no scans are in progress.
  2. On the Windows machine, open the system environment variables.
  3. Add a new environment variable with variable name LOG4J_FORMAT_MSG_NO_LOOKUPS and value true.
  4. Once the environment variable is set, open the Windows Services window (using services.msc).
  5. Restart the following 3 Embold related services:
    a. GammaService
    b. Gamma_Tomcat_Service
    c. Gamma_UI_Service

Steps for Embold On-Premises Ubuntu/CentOS deployment using Embold installer:

  1. Ensure that no scans are in progress.
  2. On the terminal, open the file /etc/default/gamma using nano, vi or any other editor.
  3. Add the environment variable export LOG4J_FORMAT_MSG_NO_LOOKUPS=true below the last line of the file (export NODE_ENV=production).
  4. Save the file.
  5. Ensure that the new environment variable is saved in the file by viewing the /etc/default/gamma file again using nano, vi or any other editor.
  6. On the terminal run command: sudo service gamma restart
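
An added check for the Ubuntu/CentOS and Docker steps above (example code, not part of Embold's installer or documentation): it confirms that the variable is set to exactly true in the file and in the running process, which catches a value mistyped with a doubled = and a service that was never restarted. The function names are hypothetical, and the process ID and container name in the usage comments are placeholders.

```shell
#!/bin/sh
# Added example: verify the LOG4J_FORMAT_MSG_NO_LOOKUPS mitigation is in effect.
VAR=LOG4J_FORMAT_MSG_NO_LOOKUPS

# Read NAME=value lines (optionally prefixed with "export") from stdin.
# Prints a verdict and returns: 0 "ok", 1 "missing", 2 "wrong-value".
# The last assignment wins, as it would when the file is sourced.
classify_env() {
    awk -v var="$VAR" '
        {
            sub(/\r$/, "")                          # tolerate CRLF line endings
            sub(/^[ \t]*(export[ \t]+)?/, "")       # drop indentation and "export"
            if (index($0, var "=") == 1) {          # commented-out lines never match
                found = 1
                val = substr($0, length(var) + 2)   # everything after the first "="
                sub(/[ \t]+$/, "", val)
                gsub(/^["\047]|["\047]$/, "", val)  # strip surrounding quotes
            }
        }
        END {
            if (!found)        { print "missing";     exit 1 }
            if (val == "true") { print "ok";          exit 0 }
            print "wrong-value"; exit 2             # e.g. "=true" from a doubled "="
        }'
}

# Environment file written in the Ubuntu/CentOS steps.
check_env_file() { classify_env < "$1"; }

# Environment of a running process; /proc/<pid>/environ is NUL-separated.
check_proc_environ() { tr '\0' '\n' < "$1" | classify_env; }

# Usage (placeholders: <pid> of the restarted service, <container> name):
#   check_env_file /etc/default/gamma
#   sudo sh -c '. ./this-script.sh; check_proc_environ /proc/<pid>/environ'
#   docker inspect --format '{{range .Config.Env}}{{println .}}{{end}}' <container> | classify_env
```

A "missing" verdict from the process check while the file check reports "ok" means the service is still running with its old environment and needs the restart step.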