Bug fixes
- Addresses the
CVE-2021-44228
security vulnerability by updatinglog4j2
to2.15.0
If you are unable to upgrade right away, then please add mitigation by setting the Java property log4j2.formatMsgNoLookups=true
JAR example: java ... -Dlog4j2.formatMsgNoLookups=true ... -jar metabase.jar
Docker example: docker run ... -e JAVA_OPTS="-Dlog4j2.formatMsgNoLookups=true" ...
Upgrading
You can download a .jar of the release, or get the latest on Docker. Make sure to back up your Metabase
database before you upgrade! Need help? Check out our
upgrading instructions.
Docker image: metabase/metabase:v0.41.4
Download the JAR here: https://downloads.metabase.com/v0.41.4/metabase.jar
Notes
SHA-256 checksum for the 0.41.4 JAR:
8a14b5db169f2f66d8fcc0d9de597822e83a1f250c3cff57d4dddf384f2314f7