Varnish Administration Console 3.9.2 Release

Published December 20, 2021.

About the release

This is a patch release that includes Log4j2 version 2.17.0, with fixes for CVE-2021-45105.

Varnish Administration Console is not vulnerable by default by CVE-2021-45105 as it requires specific configuration options that can be exploited. This release updates Log4j2 to the latest release to avoid keeping vulnerable versions of Log4j2 even if not affected by it by default.

This version is recommended for all users.