Critical Upgrade Alert for ALL DataCenter versions prior to 8.2.16 - Apache Log4j vulnerabilities fixed. This issue will impact all customers on 5.x, 6.x, 7.x, and all current 8.x customers, if not on version 8.2.16. The Apache Log4j vulnerabily issue was resolved in 8.2.16, and can only be resolved by upgrading to the 8.2.16 version of the Command Server component (the clients are not affected). Warning: Upgrading to a new version is not reversible. If you have an older version, there is no going back with or without NovaCARE support.
Only the Command Server component of the DataCenter software was affected by the Apache Log4j vulnerabilities, and so it is recommended to upgrade the Command Server component to 8.2.16 if at all possible, and if your DataCenter license supports it (if you are running 8.x now then likely it would be unless you are out of support maintenance, in that case it may deny the upgrade if attempted). For instance for those already running version 8.x then it is simple to upgrade your Command Server component to the latest version just by running the installer to upgrade your existing 8.x version in place. The DataCenter clients are not vulernable as they do not utilize any Apache Log4j components. Since the Apache Log4j vulnerabilities only affect the Command Server component, then in a pinch you can always just upgrade the Command Server 8.2.16 component if you are already running version 8.2.x for that component, as normally the older 8.2.x clients can talk to newer 8.2.x Command Server just fine. It is always best practice however to have your client version match your Command Server version, but you could upgrade the clients at a later time.
You can verify the version of the Command Server by running the GUI ('DC Management Console' or 'Launch NovaStor DataCenter' shortcut) app and once logged in the version will be displayed at the top of the application. You can also navigate to Nodes Management and locate the Command Server node there, it will be in the 'Command Servers' group. This example shows the Command Server node is running 8.2.12:
You can also verify the installed version if you connect to the Command Server (Windows machine) and then navigate to the '%Program Files%\NovaStor\DataCenter\gui-client\' folder, right-click on DataCenter-GUI.exe and do Properties, then Details tab, and read the 'File version' value there. In this example the version is 8.2.12:
There are 3 options that can be taken to resolve the issue:
- If you have current maintenance/subscription and are already on version 8.x or newer of the software then you can download the latest version 8.2.16 (or whatever version is newer than that as of the date you read this article) here and read the upgrade guide here if you want to do it yourself, or click here to schedule a time for us to help you do the upgrade.
- If you have current maintenance/subscription and are not on version 8.x click here to schedule a time for us to help you do the upgrade.
- If you are not current on maintenance/subscription please contact DC Info and we will work with you.