Bug fixes
- Addresses the
CVE-2021-44228
security vulnerability by updatinglog4j2
to2.15.0
If you are unable to upgrade right away, then please add mitigation by setting the Java property log4j2.formatMsgNoLookups=true
JAR example: java ... -Dlog4j2.formatMsgNoLookups=true ... -jar metabase.jar
Docker example: docker run ... -e JAVA_OPTS="-Dlog4j2.formatMsgNoLookups=true" ...
Upgrading
You can download a .jar of the release, or get the latest on Docker. Make sure to back up your Metabase
database before you upgrade! Need help? Check out our
upgrading instructions.
Docker image: metabase/metabase:v0.40.7
Download the JAR here: https://downloads.metabase.com/v0.40.7/metabase.jar
Notes
SHA-256 checksum for the 0.40.7 JAR:
0af686adcb48930ebb3750316e77bfc02b00712c11591cad445da9479e7af0d2