Commit

clarify v1 vs v2 for log4j #8457
pdurbin committed Mar 8, 2022
1 parent ce26e60 commit 67a0e70
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion doc/release-notes/5.10-release-notes.md
Expand Up @@ -54,7 +54,7 @@ Newly-supported major use cases in this release include:
- Administrators with a large `actionlogrecord` table can read docs on archiving and then trimming it. (Issue #5916, PR #8292)
- Administrators can list locks across all datasets. (PR #8445)
- Administrators can run a version of Solr that doesn't include a version of log4j2 with serious known vulnerabilities. We trust that you have patched the version of Solr you are running now following the instructions that were sent out. An upgrade to the latest version is recommended for extra peace of mind. (PR #8415)
- Administrators can run a version of Dataverse that doesn't include a version of log4j1 with known vulnerabilities. Please note that any such potential vulnerabilities in this version of log4j were not as severe as with the version used with Solr. We were not aware of any practical exploits that could be used to compromise Dataverse Software (PR #8377)
- Administrators can run a version of the Dataverse Software that doesn't include any version of log4j (neither version 1 nor 2). log4j2 has never been included with the Dataverse Software. As of this version, neither does the Dataverse Software include log4j1, which had vulnerabilities that were much less severe than log4j2. We are not aware of any practical exploits that could be used to compromise the Dataverse Software based on its inclusion of log4j1 in previous releases. (PR #8377)

## Notes for Dataverse Installation Administrators

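Review bot: In the added log4j bullet, the statement that log4j1 "had vulnerabilities that were much less severe than log4j2" carries no reference; linking the relevant advisories, or the discussion in PR #8377, would let administrators weigh that comparison themselves instead of taking it on trust. The sentence "As of this version, neither does the Dataverse Software include log4j1" also reads awkwardly right after "(neither version 1 nor 2)"; a plainer form would be "As of this version, log4j1 is no longer included either." Because the bullet now asserts that no version of log4j ships at all, it would help to add a short pointer on how an administrator can confirm that on an installed system, for example by inspecting the jars bundled in the deployed application, since previous releases did include log4j1 and an upgraded installation may still carry older artifacts.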