LEOS Pilot 3.1.1 - Security patch

1 year ago

About LEOS


LEOS (Legislation Editing Open Software) is a software that was created under ISA2 Action 2016.38 Legislation Interoperability Tools - LegIT to address the need of the public administration and European Institutions to generate draft legislation in a legal XML format.


It is a legislation editor and this current release supports the drafting of the 'secondary' legislation of the EU law which has to be adopted under the Ordinary Legislative Procedure. Therefore, it covers the writing of Proposals for Directive, Decision and Regulation submitted by the Commission to the Council and the Parliament. If you want to find out more about this procedure, please read the European Parliament's article.


Given the high diversity of legislative traditions encountered across the Union and the different levels of modernisation, it was extremely difficult to provide a universal single turnkey ICT solution that adapts to each specific context. Even if a significant part of the business logic can be found embedded in the code, we design with the goal of delivering re-usable building blocks so LEOS is released Open Source as we believe that some parts of it could be reused and adapted by some other Public Administration having similar needs. For more information on the features please check out our article here.


The code is available for free under EUPL licence (version 1.2 or – as soon they will be approved by the European Commission - subsequent versions of the EUPL (the "Licence")), and the development team paid attention to organise the code in a structured way to ease its reusability (modules, plugins…).  

For more information on the EUPL licence, please visit this link


What’s new?

The main differences compared to the previous version are:

  • Security patch for CVE-2021-44228 applied over:
    • AKN4EU Utils : Exclusion of log4j library from spring-boot-starter-web dependency
    • In Memory CMIS:
      • Updated log4j version to V2.16.0
      • Updated jetty-maven-plugin version to 9.4.44.v20210927 (fix compatibility issue between previous version and patched version of log4j)

What’s gone?

  • Nothing this time.


Get in touch

We are envisaging to create an open source community on software for legislation drafting, in order to share best practices, experiences, expertise, and why not code!!
Should you be interested in joining our open source community, or you would just like to share with us some observations on our work, please contact us at:


We are looking forward to hearing from you,

The LEOS Team