Month: December 2021

Update: 15 December 2021 – version 6.5.54 and earlier is vulnerable. Please update Unifi Controller again.

With the recent Log4j vulnerability, CVE-2021-442228, UniFi controller version 6.5.54 and earlier is vulnerable.

Jacobalberty has backported the fix to v6.0.45 and v5.14.23 for those whom are on the older hardware or controller versions.

For ours, we will be migrating to the latest v6 build by changing out Docker tag to “jacobalerty/unifi:v6” instead of “jacobalerty/unifi:stable-6” by following UniFi Controller – Docker Tag Change again with the tag changed.

References:

• https://community.ui.com/releases/Security-Advisory-Bulletin-023-023/808a1db0-5f8e-4b91-9097-9822f3f90207?page=1
• https://community.ui.com/releases/UniFi-Network-Application-6-5-54/d717f241-48bb-4979-8b10-99db36ddabe1
• https://github.com/jacobalberty/unifi-docker#important-news