[sumo-announce] SUMO 1.11.0 update released (log4j vulnerability)
Dear friends and users,
although only a small part of the SUMO universe is running with Java,
we are not entirely unaffected by the most recent events. Good news
first: If you are not using lisum-gui
(https://sumo.dlr.de/docs/Tools/LiSuM.html) or not even know what it is
you can stop reading now.
For all the others:
Please note that due to the log4j vulnerability
lisum-gui.jar in the distribution 1.11.0 has been replaced. Until today
it contained a vulnerable version of the library. All other files are as
in the original release. So if you are a lisum-gui user please download
and install the release again. You can also download an updated
lisum-gui.jar directly: https://sumo.dlr.de/daily/lisum-gui.jar. Please
note that no other part of SUMO (not even lisum-core.jar) is affected
and also our web server https://sumo.dlr.de is not running Java code.
(Older releases however still contain the vulnerable code in
lisum-gui.jar and will not be replaced.)
So now enjoy your holidays if there are any ahead of you and keep
Michael (for the SUMO team)
Am 23.11.21 um 09:17 schrieb Jakob Erdmann:
> Dear friends and users,
> we are happy to announce the release of SUMO version 1.11.0.
> The download links are at https://sumo.dlr.de/docs/Downloads.html
> Have fun with the new release,
> Angelo, Laura, Pablo, Jakob, Robert, Melanie, Johannes, Matthias,
> Michael and Yun-Pang.
> sumo-announce mailing list
> To unsubscribe from this list, visit https://www.eclipse.org/mailman/listinfo/sumo-announce