As many people are aware, a vulnerability was found in Log4j, a 3rd party library that is commonly used in Java-based applications (CVE-2021-44228).
While this vulnerability does not affect any of the Art of WiFi solutions (software and services), it does affect all UniFi Controller/Network Application versions before version 6.5.54. We therefore highly recommend all our customers upgrade to 6.5.54 as soon as possible. When in doubt whether the Art of WiFi solution you’re using will work with that new UniFi Controller/Network Application release, please reach out to us at support@artofwifi.net.
External links
UniFi Controller/Network Application version 6.5.54:
https://community.ui.com/releases/UniFi-Network-Application-6-5-54/d717f241-48bb-4979-8b10-99db36ddabe1
Official Mitre publication for CVE-2021-44228:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228
Ubiquiti’s initial response to the CVE publication:
https://community.ui.com/questions/UniFi-Controller-security-concern-zero-day-Log4j-exploit/007103a6-823b-4316-ae76-17942539208c#answer/b098ad67-22aa-42ce-9580-c0a7d91c4b89
Ubiquiti’s official Security Bulletin:
https://community.ui.com/releases/Security-Advisory-Bulletin-023-023/808a1db0-5f8e-4b91-9097-9822f3f90207
Edit: added link to Ubiquiti’s Security Bulletin