Patch 2025.2.5 / CVEs
Several vulnerabilities have been disclosed affecting the open-source Log4j library:
A version of Log4J is included in the INFOMOTION Data Management Center package and used across all deployment options. However, according to information available so far, only very specific Log4j components (XmlLayout, JsonTemplateLayout, Rfc5424Layout) of Log4j are affected, neither of which are used in the default configuration of INFOMOTION Data Management Center.
Nonetheless, we are now releasing an updated version 2025.2.5 of Data Management Center that includes a patched version of the Log4J dependency.
Bugfixes
-
Fix: Wildcard '*' for numeric data permissions
-
fix: Duplicate name validation for tables and columns
(since 2025.2.4)
Container Image: infomotiondmc.azurecr.io/dmc@sha256:679425375d3590a2e14e8f14e24930056768471d35d3ee710f7a890baeb35e37 WAR File : https://dmcwiki.blob.core.windows.net/dmc-releases/2025.2.5/dmc.war (sha256: 9d4b88b27be5780cd3c1b8f8d5b5a8d545286b5f3674b323ef878e9f13c3f180)