Safety vulnerability ID: 52516
The information on this page was manually curated by our Cybersecurity Intelligence Team.
LocalStack 0.13.2 updates its Maven dependency 'log4j' to v2.17.0 to include security fixes (via Java utils).
Latest version: 3.4.0
LocalStack - A fully functional local Cloud stack
Announcements
* **Security fixes**: This release upgrades **log4j** dependencies to version `2.17.0` to fix the critical security vulnerabilities [CVE-2021-44228](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228) and [CVE-2021-45046](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45046).
Change Log
1. New Features
* add initial support for region-based in-place partition rewriting
* add "--offline" pytest flag, skip "online-only" tests, fix some tests
* add SKIP_SSL_CERT_DOWNLOAD option to allow skipping download of SSL cert
2. Enhancements
* bump version of Java utils to 0.2.18 to fix log4j vulnerabilities CVE-2021-44228 and CVE-2021-45046
* refactor README.md to make it crisp and readable
* refactor Lambda logic to remove local executor Callable from model entities
* automatically pull non-cached Docker images on image inspection
* replace dict calls with comprehensions
* small fixes to allow running LocalStack with podman
* reduce log level of edge port configuration hook
* correctly wait for stay-open port to be available, fix fallback to exec mode
* add compatibility checks for S3 copy object with metadata
* add proper error response message to reject empty SNS messages
* minor refactoring to use negative index -1 to get the last element of sequence
* minor refactoring of Lambda API for better extensibility
3. Bug Fixes
* fix updating of HTTP method in message handler chain to avoid None methods
* fix misc. tests failing for non-default region
* fix Terraform test issue related to SQS changes in the AWS provider
* fix association of VPCs in Route53 HostedZone responses
* fix CloudFormation updates for EC2::Instance with empty SecurityGroups property
* fix listing of KMS signing keys for asymmetric key pairs