Sustainability Victoria (SV) has released FirstRate5 v5.3.2a (3.21) and it can now be downloaded from the FirstRate5 website.
This new version contains a fix to address a critical security vulnerability, and SV strongly recommends that all users upgrade as soon as possible.
The security vulnerability is in Log4j, a common third-party Java logging library used by FirstRate5 (FR5). This vulnerability has been widely reported and impacts numerous software products.
This Log4j vulnerability poses a potential risk of a user’s computer being compromised, especially if a user opens FR5 project files containing malicious code sent from an unknown source or is running FR5 on a cloud server.
FirstRate5 versions impacted
This security vulnerability impacts all versions of FirstRate5 from FR5 v5.2.1 (3.13) onwards.
SV has now fixed all impacted versions and the updated versions containing the security fix are available for download from the FR5 website (i.e. versions v5.2.1 – v5.3.2a).
What you need to do
SV recommends that all users take the following steps.
- Uninstall from your computer all versions of FirstRate5 from FR5 v5.2.1 (3.13) onwards.
- Download from the FR5 website the updated versions containing the security fix (i.e. versions v5.2.1 – v5.3.2a) and install them on your computer.
Transition Arrangements for FR5 v5.3.1 (3.21)
Until 10 March 2022 (9am), a transition period will be in place. During this period both v5.3.1 (3.21) files (i.e. v5.3.1 and v5.3.1a) and v5.3.2 (3.21) files (i.e. v5.3.2 and v5.3.2a) will automatically calculate on the FirstRate5 website.
After 10 March 2022 (9am), v5.3.2 (3.21) files (i.e. v5.3.2 and v5.3.2a) will continue to automatically calculate on the FirstRate5 website; however, v5.3.1 (3.21) files (i.e. v5.3.1 and v5.3.1a) will calculate by special request only.
------------
Note: It is the user’s responsibility to ensure certificates are produced with the appropriate version. If a user chooses to inappropriately use an earlier version of FR5 to produce a certificate, they run the risk that a Building Surveyor will reject the certificate, leading to further certificate costs.
Note: Installation of minor releases involving a letter change, e.g. v5.3.1a to v5.3.1b, will by default overwrite the previous version, while major releases involving a number change, e.g. v5.3.1 (3.21) to v5.3.2 (3.21), will by default install beside older versions.