While ZPE Systems has identified Nodegrid versions v4.2.x, v5.0x, v5.2.x to be possibly affected by the CVE-2021-44228, we could not yet confirm that the systems can be exploited.
Regardless, we released new version to fix such vulnerabilities:
December 16, 2021: v4.2.17
December 16, 2021: v5.0.15
December 17, 2021: v5.2.7
The Nodegrid v3.2.x and EOL v4.0.x versions are _not_ affected by this vulnerability.
The EOL v4.1.x version is affected, and we recommend to upgrade to v4.2.17, 5.0.15 or 5.2.7. If version is older than 4.1.6, you will need to upgrade to 4.1.6 and then to the latest versions. From 4.1.6 version, you can upgrade directly to the latest versions.
ZPE Cloud is not affected by this CVE.
ZPE Software and Cloud are _not_ vulnerable to CVE-2021-4125 (OpenShift Metering Hive container images).
ZPE Software and Cloud are _not_ vulnerable to CVE-2021-44832 (Apache Log4j2)