Vulnerabilities (fixed in February 2023)

Customer(s)

All customers are required to update Germain with the below patches.

Description

As part of our SOC2 compliance program, here are the security breaches that have been found in December, and patches to address those. We remain available to help you with these issues. If you have not already, you can create a ticket here: https://germainux.atlassian.net/servicedesk/customer/portal/1 or email us at info@germainux.com

Vulnerability	Severity	Scope	Detected	Reviewed	Resolved	Affected versions	Fix implemented in	Link
[CVE-2023-25194]	HIGH	kafka-clients [3.0.2] -> 3.4.0	2/12/2023	2/13/2023	2/13/2023	<= 2022.5	2022.3, 2022.4, 2022.5	https://nvd.nist.gov/vuln/detail/CVE-2023-25194

2022.3-58

Standard:

https://germain-apm.s3.us-west-2.amazonaws.com/GermainAPM/2022/GermainAPMEngine-2022.3-58-binary.tar.gz
https://germain-apm.s3.us-west-2.amazonaws.com/GermainAPM/2022/GermainAPMEngine-2022.3-58-binary.zip
https://germain-apm.s3.us-west-2.amazonaws.com/GermainAPM/2022/GermainAPMServer-2022.3-58-binary.tar.gz
https://germain-apm.s3.us-west-2.amazonaws.com/GermainAPM/2022/GermainAPMServer-2022.3-58-binary.zip
https://germain-apm.s3.us-west-2.amazonaws.com/GermainAPM/2022/GermainAPMService-2022.3-58-binary.tar.gz
https://germain-apm.s3.us-west-2.amazonaws.com/GermainAPM/2022/GermainAPMService-2022.3-58-binary.zip

Docker:

public.ecr.aws/h0m9e4y5/germainapm-engines:2022.3-58
public.ecr.aws/h0m9e4y5/germainapm-server:2022.3-58
public.ecr.aws/h0m9e4y5/germainapm-services:2022.3-58

2022.4-47

Download:

https://germain-apm.s3.us-west-2.amazonaws.com/GermainAPM/2022/GermainAPMEngine-2022.4-47-binary.tar.gz
https://germain-apm.s3.us-west-2.amazonaws.com/GermainAPM/2022/GermainAPMEngine-2022.4-47-binary.zip
https://germain-apm.s3.us-west-2.amazonaws.com/GermainAPM/2022/GermainAPMServer-2022.4-47-binary.tar.gz
https://germain-apm.s3.us-west-2.amazonaws.com/GermainAPM/2022/GermainAPMServer-2022.4-47-binary.zip
https://germain-apm.s3.us-west-2.amazonaws.com/GermainAPM/2022/GermainAPMService-2022.4-47-binary.tar.gz
https://germain-apm.s3.us-west-2.amazonaws.com/GermainAPM/2022/GermainAPMService-2022.4-47-binary.zip

Docker:
public.ecr.aws/h0m9e4y5/germainapm-engines:2022.4-47
public.ecr.aws/h0m9e4y5/germainapm-server:2022.4-47
public.ecr.aws/h0m9e4y5/germainapm-services:2022.4-47

2022.5-40

Standard:

https://germain-apm.s3.us-west-2.amazonaws.com/GermainAPM/2022/GermainAPMEngine-2022.5-40-binary.tar.gz
https://germain-apm.s3.us-west-2.amazonaws.com/GermainAPM/2022/GermainAPMEngine-2022.5-40-binary.zip
https://germain-apm.s3.us-west-2.amazonaws.com/GermainAPM/2022/GermainAPMServer-2022.5-40-binary.tar.gz
https://germain-apm.s3.us-west-2.amazonaws.com/GermainAPM/2022/GermainAPMServer-2022.5-40-binary.zip
https://germain-apm.s3.us-west-2.amazonaws.com/GermainAPM/2022/GermainAPMService-2022.5-40-binary.tar.gz
https://germain-apm.s3.us-west-2.amazonaws.com/GermainAPM/2022/GermainAPMService-2022.5-40-binary.zip

Docker:

public.ecr.aws/h0m9e4y5/germainapm-engines:2022.5-40
public.ecr.aws/h0m9e4y5/germainapm-server:2022.5-40
public.ecr.aws/h0m9e4y5/germainapm-services:2022.5-40