Metabase - v1.41.4

Security

Bug fixes

Addresses the CVE-2021-44228 security vulnerability by updating log4j2 to 2.15.0

If you are unable to upgrade right away, then please add mitigation by setting the Java property log4j2.formatMsgNoLookups=true
JAR example: java ... -Dlog4j2.formatMsgNoLookups=true ... -jar metabase.jar
Docker example: docker run ... -e JAVA_OPTS="-Dlog4j2.formatMsgNoLookups=true" ...

Upgrading

You can download a .jar of the release, or get the latest on Docker. Make sure to back up your Metabase
database before you upgrade! Need help? Check out our
upgrading instructions.

Docker image: metabase/metabase-enterprise:v1.41.4
Download the JAR here: https://downloads.metabase.com/enterprise/v1.41.4/metabase.jar

Notes

SHA-256 checksum for the 1.41.4 JAR:

9a3a22ff714e9045137754a25636f5941c5f6dc96fbdf387c2998070583a6966

Security

CVE-2021-44228

Details

date

Dec. 10, 2021, 8:23 p.m.

name

Metabase® Enterprise Edition™ v1.41.4

type

Patch

official page

https://github.com/metabase/metabase/releases/tag/v1.41.4

👇

🔍View and search all Metabase releases.
🛠️Create and share lists to track your tools.
🚨Setup notifications for major, security, feature or patch updates.
🚀Much more coming soon!

Continue with GitHub

Continue with Google

Username

Password

Password (again)