• Avantra server (master and UI)
  • 21.11.3 and above - download link
  • 20.11.12 and above - download link
• Avantra agents
  • 21.11.3 and above (requires server version 21.11.2+ and SAP transports 20.11.7+) - download link
  • 20.11.12 and above (requires server version 20.11.11+ and SAP transports 20.11.7+) - download link
  • 20.11.703 (requires server version 20.11.7+ and SAP transports 20.11.2 - 20.11.7) - download link
  • 20.5.9 (requires server version 20.5.6+) - to be released on Tuesday, December 21 2021

We have released patches for all updates the log4j team has issued. Here are the latest security related solution documents that customers need to read:

• CVE-2021-45105 - Apache Log4j2 does not always protect from infinite recursion in lookup evaluation
• CVE-2021-45046 - Log4j2 Thread Context Message/Lookup
• CVE-2021-44228 - Log4j - JNDI message lookup
• CVE-2021-44228 - Custom Check - verify Avantra has been hardened
• CVE-2021-44228 - Sample code - agent configuration changes - linux

We advise customers to upgrade to the latest available version of Avantra to ensure the protection against CVE exploits from previous versions of the Log4j component.

If you need to speak with Customer Support, please log a ticket in the Support Hub.

Avantra takes the security of our software and our customers very seriously - it is our top priority. We encourage you to get proactive updates as we post them by subscribing to the security section of our forum.

Avantra CEO, John Appleby, has also released a blog post on the matter.