Summary
Important Note: We will keep this page updated as more information becomes available.
TIBCO is aware of the recently announced Apache Log4J vulnerability (CVE-2021-44228), referred to as “Log4Shell”. Performing these attacks requires an attacker to have control of log messages or at least the parameters for a given log message.
Impact: arbitrary code execution as the user the parent process is running as (code fetched from the public Internet, or lolbins already present on the system, or just fetching shared secrets or environment variables and returning them to the attacker).
Targets: all Jaspersoft products, and anything else that logs using the log4j framework. This is primarily a server-side concern, but any vulnerable endpoint could be a target or a pivot point.
The sections below describe the affected products and versions, as well as how to mitigate the Log4j vulnerability.
Product | Affected Versions |
JasperReports Server | 7.5.x, 7.8.x, 7.9.x, 8.0.0 |
JasperReports Server Community Edition | 7.5.x, 7.8.x, 8.0.0 |
JasperReports IO Pro | 1.3.0, 2.0.0, 3.0.0 |
JasperReports IO At-Scale | 2.0.0, 3.0.0 |
Jaspersoft Studio Pro | 7.3.x, 7.5.x, 7.8.x, 7.9.x, 8.0.0 |
Scalable Query Engine | 8.0.0 |
Third-party drivers with vulnerable libraries (instructions for manually removing these libraries are provided in the next section):
Product/Version | Drivers/Affected JAR Files |
JasperReports Server 8.0.0 | Neo4j: neo4j-jdbc42-1.0.8.1009.jar; Spark: spark-jdbc42-2.6.18.1023.jar; Impala: impala-jdbc42-2.6.21.1025.jar |
JasperReports Server 7.9.x | Neo4j: neo4j-jdbc42-1.0.2.1002.jar; Spark: spark-jdbc42-2.6.16.1020.jar; Impala: impala-jdbc42-2.6.18.1021.jar |
JasperReports Server 7.8.x | Neo4j: neo4j-jdbc42-1.0.2.1002.jar; Spark: spark-jdbc42-2.6.10.1013.jar; Impala: impala-jdbc42-2.6.15.1017.jar |
JasperReports Server 7.5.0 | Spark: spark-jdbc42-2.6.10.1013.jar; Impala: impala-jdbc42-2.6.15.1017.jar |
Important Note: The following JDBC datasources will stop working when these drivers are removed:
- Neo4j
- SparkSQL
- Impala
For additional information on Neo4j CVE mitigation, see https://community.neo4j.com/t/log4j-cve-mitigation-for-neo4j/48856.
Products Not Affected
The following Jaspersoft products are not affected by the Apache Log4J vulnerability:
JasperReports Library Pro*
JasperReports Library Community Edition*
*For these Jaspersoft products, customers are responsible for updating libraries for their applications.
Resolution for JasperReports Server
To disable the compromised functionality for JasperReports Server, perform the following steps:
Note that updating the JARs should not have any impact on Jaspersoft product functionality. TIBCO will update this information if there is any impact.
Stop the application server.
Find the root web application folder
(for example: c:\apache-tomcat\webapps\jasperserver-pro\*.*).
Delete the following files from the library folder
(for example: c:\apache-tomcat\webapps\jasperserver-pro\WEB-INF\lib)
log4j-api-2.13.3.jar log4j-core-2.13.3.jar log4j-jcl-2.13.3.jar log4j-jul-2.13.3.jar log4j-slf4j-impl-2.13.3.jar log4j-web-2.13.3.jar log4j-1.2-api-2.13.3.jar
For JRS 8.0.x, also delete:
neo4j-jdbc42-1.0.8.1009.jar spark-jdbc42-2.6.18.1023.jar impala-jdbc42-2.6.21.1025.jar
For JRS 7.9.x, also delete:
neo4j-jdbc42-1.0.2.1002.jar spark-jdbc42-2.6.16.1020.jar impala-jdbc42-2.6.18.1021.jar
For JRS 7.8.x, also delete:
neo4j-jdbc42-1.0.2.1002.jar spark-jdbc42-2.6.10.1013.jar impala-jdbc42-2.6.15.1017.jar
For JRS 7.5.x, also delete:
spark-jdbc42-2.6.10.1013.jar impala-jdbc42-2.6.15.1017.jar
Notes:
The files listed above are applicable to JRS version 7.8.1, 7.9.1, and 8.0.0. JRS 7.5.2 has a different version of Log4j (2.12.1).
For JBoss EAP 7.2.0, the location of log4j files is:
../jboss-eap-7.2/standalone/deployments/jasperserver-pro.war/WEB-INF/lib
For Wildfly 18/19, the location of log4j files is:
../standalone/deployments/jasperserver-pro.war/WEB-INF/lib
Add the following files (Jar download location is also provided):
- log4j-api-2.17.1.jar (https://mvnrepository.com/artifact/org.apache.logging.log4j/log4j-api/2.17.1)
- log4j-core-2.17.1.jar (https://mvnrepository.com/artifact/org.apache.logging.log4j/log4j-core/2.17.1)
- log4j-jcl-2.17.1.jar (https://mvnrepository.com/artifact/org.apache.logging.log4j/log4j-jcl/2.17.1)
- log4j-jul-2.17.1.jar (https://mvnrepository.com/artifact/org.apache.logging.log4j/log4j-jul/2.17.1)
- log4j-slf4j-impl-2.17.1.jar (https://mvnrepository.com/artifact/org.apache.logging.log4j/log4j-slf4j-impl/2.17.1)
- log4j-web-2.17.1.jar (https://mvnrepository.com/artifact/org.apache.logging.log4j/log4j-web/2.17.1)
- log4j-1.2-api-2.17.1.jar (https://mvnrepository.com/artifact/org.apache.logging.log4j/log4j-1.2-api/2.17.1)
For JBoss and Wildfly application servers, change the reference of Log4j jar versions from 2.13.3 to 2.17.1 in jboss-deployment-structure.xml.
Example JBoss file location:
C:\jboss\standalone\deployments\jasperserver-pro.war\META-INF
Example Wildfly file location:
C:\wildfly1910\standalone\deployments\jasperserver-pro.war\META-INF
Old references will be:
<resource-root path="WEB-INF/lib/log4j-web-2.13.3.jar" use-physical-code-source="true"/>
<resource-root path="WEB-INF/lib/log4j-slf4j-impl-2.13.3.jar" use-physical-code-source="true"/>
<resource-root path="WEB-INF/lib/log4j-jul-2.13.3.jar" use-physical-code-source="true"/>
<resource-root path="WEB-INF/lib/log4j-jcl-2.13.3.jar" use-physical-code-source="true"/>
<resource-root path="WEB-INF/lib/log4j-core-2.13.3.jar" use-physical-code-source="true"/>
<resource-root path="WEB-INF/lib/log4j-api-2.13.3.jar" use-physical-code-source="true"/>
<resource-root path="WEB-INF/lib/log4j-1.2-api-2.13.3.jar" use-physical-code-source="true"/>
New references should be:
<resource-root path="WEB-INF/lib/log4j-web-2.17.1.jar" use-physical-code-source="true"/>
<resource-root path="WEB-INF/lib/log4j-slf4j-impl-2.17.1.jar" use-physical-code-source="true"/>
<resource-root path="WEB-INF/lib/log4j-jul-2.17.1.jar" use-physical-code-source="true"/>
<resource-root path="WEB-INF/lib/log4j-jcl-2.17.1.jar" use-physical-code-source="true"/>
<resource-root path="WEB-INF/lib/log4j-core-2.17.1.jar" use-physical-code-source="true"/>
<resource-root path="WEB-INF/lib/log4j-api-2.17.1.jar" use-physical-code-source="true"/>
<resource-root path="WEB-INF/lib/log4j-1.2-api-2.17.1.jar" use-physical-code-source="true"/>
Start the application server.
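A check to run on WEB-INF/lib once the jars have been swapped, ideally just before the application server is started, as an added example (not TIBCO's script and not one of the attached fix scripts). The jar names come from this page; the function names, the finding labels and the sample directory are assumptions made for the example, and rule 1 goes slightly beyond the 2.13.3 list by flagging any log4j-*.jar that is not 2.17.1 (which also covers the 2.12.1 jars of JRS 7.5.2).

```shell
#!/bin/sh
# Added example, not TIBCO's script: audit WEB-INF/lib after the Log4j jar swap.
TARGET=2.17.1
# The seven Log4j artifacts this page says to add.
EXPECTED="api core jcl jul slf4j-impl web 1.2-api"
# Third-party driver jars this page says to delete (all listed versions).
DRIVERS="neo4j-jdbc42-1.0.8.1009 neo4j-jdbc42-1.0.2.1002
spark-jdbc42-2.6.18.1023 spark-jdbc42-2.6.16.1020 spark-jdbc42-2.6.10.1013
impala-jdbc42-2.6.21.1025 impala-jdbc42-2.6.18.1021 impala-jdbc42-2.6.15.1017"

# audit_lib LIBDIR [jboss-deployment-structure.xml]
# Prints one finding per line and returns 0 only when there are none.
audit_lib() {
    lib=$1; xml=${2:-}; bad=0
    # 1. Any log4j-*.jar that is not at the target version is a leftover.
    for f in "$lib"/log4j-*.jar; do
        [ -e "$f" ] || continue
        case ${f##*/} in
            *-"$TARGET".jar) ;;
            *) echo "STALE ${f##*/}"; bad=$((bad + 1)) ;;
        esac
    done
    # 2. The listed driver jars must be gone.
    for n in $DRIVERS; do
        [ -e "$lib/$n.jar" ] || continue
        echo "DRIVER $n.jar"; bad=$((bad + 1))
    done
    # 3. Every replacement jar must be present.
    for a in $EXPECTED; do
        [ -f "$lib/log4j-$a-$TARGET.jar" ] && continue
        echo "MISSING log4j-$a-$TARGET.jar"; bad=$((bad + 1))
    done
    # 4. JBoss/WildFly only: resource-root entries must name the new jars.
    if [ -n "$xml" ]; then
        for ref in $(grep -o 'WEB-INF/lib/log4j-[^"]*\.jar' "$xml"); do
            case $ref in
                *-"$TARGET".jar) ;;
                *) echo "XMLREF ${ref##*/}"; bad=$((bad + 1)) ;;
            esac
        done
    fi
    [ "$bad" -eq 0 ]
}

# Constructed sample: a half-finished swap (web jar not replaced, one driver left).
make_sample() {
    d=$(mktemp -d)
    for a in api core jcl jul slf4j-impl 1.2-api; do
        : > "$d/log4j-$a-$TARGET.jar"
    done
    : > "$d/log4j-web-2.13.3.jar"
    : > "$d/spark-jdbc42-2.6.18.1023.jar"
    echo "$d"
}

# Usage: sh audit.sh /path/to/WEB-INF/lib [jboss-deployment-structure.xml]
# With no arguments it audits the constructed sample instead.
if [ $# -gt 0 ]; then
    audit_lib "$@"
else
    audit_lib "$(make_sample)" || true
fi
```

The check works on file names only, so it confirms that the procedure was carried out as written, not what the jars contain.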
AWS Marketplace and QuickStart deployment
ssh into the running instance.
Locate the application server under /var/lib/tomcat/ and follow the Tomcat steps above. Find the jars under /var/lib/tomcat/webapps/jasperserver-pro/WEB-INF/lib.
Note: For JRS 7.5.2, the directory is:
/var/lib/tomcat8/webapps/jasperserver-pro/WEB-INF/lib.
WebLogic and WebSphere
Deploying from the Administrative Console
Deploying from the Administrative Console requires changes to the original war file. Perform the following steps to patch the war file for any Application Servers.
Find originally deployed war file.
Using the Java jar tool or an unzip tool, unpack the jasperserver-pro.war file. For example, enter these commands to use the Java jar tool:
mkdir jasperserver-pro
cd jasperserver-pro
"%JAVA_HOME%/bin/jar" xvf ../jasperserver-pro.war
Delete JARs to avoid conflict with WebLogic JARs:
Go to the WEB-INF/lib directory: cd jasperserver-pro/WEB-INF/lib.
Delete the following conflicting JARs:
log4j-api-2.13.3.jar log4j-core-2.13.3.jar log4j-jcl-2.13.3.jar log4j-jul-2.13.3.jar log4j-slf4j-impl-2.13.3.jar log4j-web-2.13.3.jar log4j-1.2-api-2.13.3.jar
For JRS 8.0.x, also delete:
neo4j-jdbc42-1.0.8.1009.jar spark-jdbc42-2.6.18.1023.jar impala-jdbc42-2.6.21.1025.jar
For JRS 7.9.x, also delete:
neo4j-jdbc42-1.0.2.1002.jar spark-jdbc42-2.6.16.1020.jar impala-jdbc42-2.6.18.1021.jar
For JRS 7.8.0, also delete:
neo4j-jdbc42-1.0.2.1002.jar spark-jdbc42-2.6.10.1013.jar impala-jdbc42-2.6.15.1017.jar
For JRS 7.5.0, also delete:
spark-jdbc42-2.6.10.1013.jar impala-jdbc42-2.6.15.1017.jar
Notes: The files listed above are applicable to JRS version 7.8.1, 7.9.1, and 8.0.0. JRS 7.5.2 has a different version of Log4j (2.12.1).
Add the following files (Jar download location is also provided)
- log4j-api-2.17.1.jar (https://mvnrepository.com/artifact/org.apache.logging.log4j/log4j-api/2.17.1)
- log4j-core-2.17.1.jar (https://mvnrepository.com/artifact/org.apache.logging.log4j/log4j-core/2.17.1)
- log4j-jcl-2.17.1.jar (https://mvnrepository.com/artifact/org.apache.logging.log4j/log4j-jcl/2.17.1)
- log4j-jul-2.17.1.jar (https://mvnrepository.com/artifact/org.apache.logging.log4j/log4j-jul/2.17.1)
- log4j-slf4j-impl-2.17.1.jar (https://mvnrepository.com/artifact/org.apache.logging.log4j/log4j-slf4j-impl/2.17.1)
- log4j-web-2.17.1.jar (https://mvnrepository.com/artifact/org.apache.logging.log4j/log4j-web/2.17.1)
- log4j-1.2-api-2.17.1.jar (https://mvnrepository.com/artifact/org.apache.logging.log4j/log4j-1.2-api/2.17.1)
Repackage the jasperserver-pro.war file, using commands such as the following:
cd ../..
mv ../jasperserver-pro.war ../BAK-jasperserver-pro.war
"%JAVA_HOME%/bin/jar" cvf ../jasperserver-pro.war *
cd ..
mv jasperserver-pro BAK-jasperserver-pro
Deploying the JasperReports Server WAR file in WebLogic
To deploy the JasperReports Server WAR file in WebLogic (based on Install Guide):
Enable the Lock & Edit button:
Select the Preferences link at the top of the Admin console.
Scroll to the bottom of the User Preferences screen and deselect Automatically Acquire Lock and Activate Changes.
Save.
In the Administrative Console, click the Lock & Edit button and navigate to Deployments.
On the Deployments page, click the Install button.
Select the path to <js-install>. Click Next.
Leave the radio button selected for Install this deployment as an application. Click Next.
When prompted, enter the following parameter values:
Name: jasperserver-pro
Security: Roles and Policies
Source accessibility: Use the defaults defined by the deployment's targets
Review your choices and click Save.
Redeploying the JasperReports Server WAR file in WebSphere
To redeploy the JasperReports Server WAR file in WebSphere (based on Install Guide):
In the Administrative Console, navigate to Applications > New Application and select New Enterprise Application. (JasperReports Server is a modern application, based on Java Servlet version 2.4, so you do not select the older, WebSphere V4 compliant application type.)
Browse to <js-install>/jasperserver-pro.war on the local file system. Keep the default setting (Fast path) selected and click Next.
On the Select installation options page, accept all the default settings and click Next.
On the Map modules to servers page, make sure the JasperReports Server module is mapped to the cell, node, and server that you want. Click Next.
On the Map modules to servers page, select jasperserver. Click Next.
On the Map resource references to resources page, map the resources you want:
First, select the Browse button under the jdbc/jasperserver resource. In the page that opens, select the jdbc/jasperserver radio button, and click Apply. Then select the check box next to the jdbc/jasperserver resource.
If you plan to run the sample reports, follow the same steps for jdbc/sugarcrm and jdbc/foodmart, making sure to select the correct radio button for each one.
When you have mapped all resources, select the check boxes next to every resource that has been mapped.
Click Next.
On the Map virtual hosts page, choose the JasperServer UI application module. Click Next.
In the Map context roots for Web modules, enter jasperserver-pro.
Click Next, review the summary information and start the installation process. (The installation process may take a while.)
Click Save directly to the master configuration.
Modifying the deployment directly for WebLogic:
Stop the application server.
Switch to the directory where the old log4j jar files are located.
For example:
/opt/Oracle/Middleware/Oracle_Home/domains/jasper_domain/servers/myserver/tmp/_WL_user/jasperserver-pro/jjb30p/war/WEB-INF/lib
Delete the old log4j*2.13.3.jar files.
Note: The files listed above are applicable to JRS version 7.8.1, 7.9.1, and 8.0.0. JRS 7.5.2 has a different version of Log4j (2.12.1).
Place the new log4j*2.17.1.jar files into the same directory.
Restart the application server.
Modifying the deployment directly for WebSphere:
Stop the application server.
Switch to the directory where the old log4j jar files are located.
For example: /opt/IBM/WebSphere/AppServer/profiles/AppSrv01/installedApps/<node_cell_dir>/jasperserver-pro_war.ear/jasperserver-pro.war/WEB-INF/lib
Delete the old log4j*2.13.3.jar files.
Note: The files listed here are applicable to JRS version 7.8.1, 7.9.1, and 8.0.0. JRS 7.5.2 has a different version of Log4j (2.12.1).
Place the new log4j*2.17.1.jar files into the same directory.
Restart the application server.
AWS Cluster Deployment Fix
For JRS 7.8.0-HF2 and JRS 7.9.1
Download and copy the log4j_aws_fix.sh (available in the Attachments section at the end of this article) to the Amazon S3 JasperReports customization bucket under the webapps/jasperserver-pro/WEB-INF folder.
Note: The S3 bucket referred to here is generated when you generate the stack/instance. The S3 bucket name is available in the Cloud Formation Stack output tab. You can search the S3 buckets by date, to see when the latest S3 buckets were generated.
Update the CloudFormation Template (CFT) with the following changes under the AWS::CloudFormation::Init section of LaunchConfig:
"4-log4jFix": {
  "cwd" : "/var/lib/tomcat/webapps/jasperserver-pro/WEB-INF/",
  "command" : { "Fn::Join" : [" ", ["sudo systemctl stop tomcat && chmod +x log4j_aws_fix.sh && ./log4j_aws_fix.sh && systemctl start tomcat"] ] },
  "failOnError" : "true"
}
Under the Restart section, add the 4-log4jFix to the commands list. For example:
"commands" : ["2-pullCustomizations","3-enableCluster","4-log4jFix"]
Update the CloudFormation stack with the updated changes by uploading the new template.
Restart the already running instances.
For JRS 7.5.2, 7.9.1 or JRS 7.8.0 HF2, the directory to check is:
/var/lib/tomcat/webapps/jasperserver-pro/WEB-INF/libs
For JRS 7.5.1
Download and copy the log4j_aws_750_fix.sh (available in the Attachments section at the end of this article) to the Amazon S3 JasperReports customization bucket under the webapps/jasperserver-pro/WEB-INF folder.
Update the CloudFormation Template (CFT) with the following changes under the AWS::CloudFormation::Init section of LaunchConfig:
"4-log4jFix": {
  "cwd" : "/var/lib/tomcat8/webapps/jasperserver-pro/WEB-INF/",
  "command" : { "Fn::Join": [" ", ["sudo service tomcat8 stop && chmod +x log4j_aws_750_fix.sh && ./log4j_aws_750_fix.sh && service tomcat8 start"] ] },
  "failOnError": "true"
}
Under the Restart section, add the 4-log4jFix to the commands list. For example:
"commands" : ["2-pullCustomizations","3-enableCluster","4-log4jFix"]
Update the CloudFormation stack with the updated changes by uploading the new template.
Restart the already running instances.
Note: To upgrade log4j from v2.16 or any other version to v2.17.1, run the following command on the instance to get the current version of log4j:
ls -l /usr/share/tomcat/webapps/jasperserver-pro/WEB-INF/lib/log4j-*
Then update log4j_aws_fix.sh or log4j_aws_750_fix.sh to remove those jars. After that, you can perform all the steps above.
Resolution for JasperReports IO Professional
Version 1.3.0
Stop JRIO application.
Remove the following files from the [JRIO_PRO]/jrio/webapps/jrio/WEB-INF/lib folder:
log4j-api-2.8.2.jar log4j-core-2.8.2.jar log4j-jcl-2.8.2.jar log4j-jul-2.8.2.jar
Add the following files to the [JRIO_PRO]/jrio/webapps/jrio/WEB-INF/lib folder:
log4j-api-2.17.0.jar log4j-core-2.17.0.jar log4j-jcl-2.17.0.jar log4j-jul-2.17.0.jar
Start JRIO application.
Version 2.0.0
Start JRIO application.
Remove the following files from the [JRIO_PRO]/jrio/webapps/jrio/WEB-INF/lib folder:
log4j-api-2.8.2.jar log4j-core-2.8.2.jar log4j-jcl-2.8.2.jar log4j-jul-2.8.2.jar log4j-slf4j-impl-2.8.2.jar
Add the following files to the [JRIO_PRO]/jrio/webapps/jrio/WEB-INF/lib folder:
log4j-api-2.17.0.jar log4j-core-2.17.0.jar log4j-jcl-2.17.0.jar log4j-jul-2.17.0.jar log4j-slf4j-impl-2.17.0.jar
Start JRIO application.
Version 3.0.0
Stop JRIO application.
Remove the following files from the [JRIO_PRO]/jrio/webapps/jrio/WEB-INF/lib folder:
log4j-api-2.14.0.jar log4j-core-2.14.0.jar log4j-jcl-2.14.0.jar log4j-jul-2.14.0.jar log4j-slf4j-impl-2.14.0.jar
Add the following files to the [JRIO_PRO]/jrio/webapps/jrio/WEB-INF/lib folder:
log4j-api-2.17.0.jar log4j-core-2.17.0.jar log4j-jcl-2.17.0.jar log4j-jul-2.17.0.jar log4j-slf4j-impl-2.17.0.jar
Start JRIO application.
Resolution for Jaspersoft Studio Professional
Version 7.5.0 and Version 7.8.0
Close JSS application.
Remove the following files from the [JSS_PRO]/jrio/jrio/WEB-INF/lib folder:
log4j-api-2.8.2.jar log4j-core-2.8.2.jar log4j-jcl-2.8.2.jar log4j-jul-2.8.2.jar
Add the following files to the [JSS_PRO]/jrio/jrio/WEB-INF/lib folder:
log4j-api-2.17.1.jar log4j-core-2.17.1.jar log4j-jcl-2.17.1.jar log4j-jul-2.17.1.jar
Open JSS application.
Version 7.9.0
Close JSS application.
Remove the following files from the [JSS_PRO]/jrio/jrio/WEB-INF/lib folder:
log4j-api-2.8.2.jar log4j-core-2.8.2.jar log4j-jcl-2.8.2.jar log4j-jul-2.8.2.jar log4j-slf4j-impl-2.8.2.jar
Add the following files to the [JSS_PRO]/jrio/jrio/WEB-INF/lib folder:
log4j-api-2.17.1.jar log4j-core-2.17.1.jar log4j-jcl-2.17.1.jar log4j-jul-2.17.1.jar log4j-slf4j-impl-2.17.1.jar
Open JSS application.
Version 8.0.0
Close JSS application.
Remove the following files from the [JSS_PRO]/jrio/jrio/WEB-INF/lib folder:
log4j-api-2.14.0.jar log4j-core-2.14.0.jar log4j-jcl-2.14.0.jar log4j-jul-2.14.0.jar log4j-slf4j-impl-2.14.0.jar
Add the following files to the [JSS_PRO]/jrio/jrio/WEB-INF/lib folder:
log4j-api-2.17.1.jar log4j-core-2.17.1.jar log4j-jcl-2.17.1.jar log4j-jul-2.17.1.jar log4j-slf4j-impl-2.17.1.jar
Open JSS application.
Scalable Query Engine
Locate distribution root folder:
cd <js-install>
Unpack index file:
"%JAVA_HOME%/bin/jar" xf scalable-query-engine-8.0.0.jar BOOT-INF/classpath.idx
Delete old version of log4j:
zip -d scalable-query-engine-8.0.0.jar BOOT-INF/lib/log4j-slf4j-impl-2.14.1.jar
zip -d scalable-query-engine-8.0.0.jar BOOT-INF/lib/log4j-core-2.14.1.jar
zip -d scalable-query-engine-8.0.0.jar BOOT-INF/lib/log4j-api-2.14.1.jar
zip -d scalable-query-engine-8.0.0.jar BOOT-INF/lib/log4j-1.2-api-2.14.1.jar
zip -d scalable-query-engine-8.0.0.jar BOOT-INF/lib/log4j-jcl-2.14.1.jar
zip -d scalable-query-engine-8.0.0.jar BOOT-INF/lib/log4j-layout-template-json-2.14.1.jar
zip -d scalable-query-engine-8.0.0.jar BOOT-INF/lib/log4j-kubernetes-2.14.1.jar
zip -d scalable-query-engine-8.0.0.jar BOOT-INF/lib/log4j-docker-2.14.1.jar
zip -d scalable-query-engine-8.0.0.jar BOOT-INF/lib/log4j-spring-boot-2.14.1.jar
zip -d scalable-query-engine-8.0.0.jar BOOT-INF/lib/log4j-jul-2.14.1.jar
Create folder BOOT-INF/lib and put all new versions of log4j there.
Add new versions of log4j to the jar:
"%JAVA_HOME%\bin\jar" uf scalable-query-engine-8.0.0.jar BOOT-INF/lib/log4j-core-2.17.1.jar
"%JAVA_HOME%\bin\jar" uf scalable-query-engine-8.0.0.jar BOOT-INF/lib/log4j-slf4j-impl-2.17.1.jar
"%JAVA_HOME%\bin\jar" uf scalable-query-engine-8.0.0.jar BOOT-INF/lib/log4j-core-2.17.1.jar
"%JAVA_HOME%\bin\jar" uf scalable-query-engine-8.0.0.jar BOOT-INF/lib/log4j-api-2.17.1.jar
"%JAVA_HOME%\bin\jar" uf scalable-query-engine-8.0.0.jar BOOT-INF/lib/log4j-1.2-api-2.17.1.jar
"%JAVA_HOME%\bin\jar" uf scalable-query-engine-8.0.0.jar BOOT-INF/lib/log4j-jcl-2.17.1.jar
"%JAVA_HOME%\bin\jar" uf scalable-query-engine-8.0.0.jar BOOT-INF/lib/log4j-layout-template-json-2.17.1.jar
"%JAVA_HOME%\bin\jar" uf scalable-query-engine-8.0.0.jar BOOT-INF/lib/log4j-kubernetes-2.17.1.jar
"%JAVA_HOME%\bin\jar" uf scalable-query-engine-8.0.0.jar BOOT-INF/lib/log4j-docker-2.17.1.jar
"%JAVA_HOME%\bin\jar" uf scalable-query-engine-8.0.0.jar BOOT-INF/lib/log4j-spring-boot-2.17.1.jar
"%JAVA_HOME%\bin\jar" uf scalable-query-engine-8.0.0.jar BOOT-INF/lib/log4j-jul-2.17.1.jar
Update the BOOT-INF/classpath.idx entries that start with `- "BOOT-INF/lib/log4j-` so that they carry the new file names and version.
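One way to make that index edit and check it against the jars staged in BOOT-INF/lib before the index goes back into the archive, as an added example (not TIBCO's script). The entry prefix and the 2.14.1 and 2.17.1 versions come from this page; the function names, the finding labels, the sample index and its example-lib entry are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not TIBCO's script: update BOOT-INF/classpath.idx and cross-check it.
OLD=2.14.1
NEW=2.17.1

# update_idx IDX: rewrite only the log4j entries from $OLD to $NEW, keeping IDX.bak.
update_idx() {
    idx=$1
    old_re=$(printf '%s' "$OLD" | sed 's/\./\\./g')   # dots must match literally
    cp "$idx" "$idx.bak"
    sed '\|^- "BOOT-INF/lib/log4j-|s|-'"$old_re"'\.jar"|-'"$NEW"'.jar"|' \
        "$idx.bak" > "$idx"
}

# check_idx IDX ROOT: every log4j entry must be at $NEW and have a matching file
# under ROOT (the folder that holds the BOOT-INF/lib created for "jar uf").
# Prints one finding per line and returns 0 only when there are none.
check_idx() {
    idx=$1; root=$2; bad=0
    for p in $(sed -n 's|^- "\(BOOT-INF/lib/log4j-[^"]*\)".*|\1|p' "$idx"); do
        case $p in
            *-"$NEW".jar) ;;
            *) echo "STALE $p"; bad=$((bad + 1)); continue ;;
        esac
        [ -f "$root/$p" ] || { echo "NOFILE $p"; bad=$((bad + 1)); }
    done
    [ "$bad" -eq 0 ]
}

# Constructed sample: a three-line index and a staging folder where only one
# of the two new jars has been copied. example-lib is a made-up non-log4j entry.
make_sample() {
    r=$(mktemp -d)
    mkdir -p "$r/BOOT-INF/lib"
    cat > "$r/BOOT-INF/classpath.idx" <<'EOF'
- "BOOT-INF/lib/example-lib-2.14.1.jar"
- "BOOT-INF/lib/log4j-api-2.14.1.jar"
- "BOOT-INF/lib/log4j-core-2.14.1.jar"
EOF
    : > "$r/BOOT-INF/lib/log4j-api-$NEW.jar"
    echo "$r"
}

# Usage: sh idx.sh BOOT-INF/classpath.idx .   (run from the distribution root)
# With no arguments it runs on the constructed sample instead.
if [ $# -eq 2 ]; then
    update_idx "$1" && check_idx "$1" "$2"
else
    s=$(make_sample)
    update_idx "$s/BOOT-INF/classpath.idx"
    check_idx "$s/BOOT-INF/classpath.idx" "$s" || true   # reports the missing core jar
fi
```

Restricting the substitution to lines with the log4j prefix leaves other libraries that happen to share the 2.14.1 version string untouched.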
Add updated BOOT-INF/classpath.idx to the jar:
"%JAVA_HOME%\bin\jar" uf scalable-query-engine-8.0.0.jar BOOT-INF/classpath.idx
Available Hotfixes
Hotfixes are available for the following products and versions. Please note that these hotfixes are only available to TIBCO customers and users with Support Portal access.
- JSS Pro 7.3.1: https://support.tibco.com/s/hotfixes?id=a014z00000yUBUZAA4
- JSS Pro 7.5.0: https://support.tibco.com/s/hotfixes?id=a014z00000yUBUeAAO
- JSS Pro 7.8.0: https://support.tibco.com/s/hotfixes?id=a014z00000yU0utAAC
- JSS Pro 7.9.0: https://support.tibco.com/s/hotfixes?id=a014z00000yTuU3AAK
- JSS Pro 8.0.0: https://support.tibco.com/s/hotfixes?id=a014z00000yUBUjAAO
- JRIO Pro 1.3.0: https://support.tibco.com/s/hotfixes?id=a014z00000yUBW1AAO
- JRIO Pro 2.0.0: https://support.tibco.com/s/hotfixes?id=a014z00000yUBW6AAO
- JRIO At-Scale 2.0.0: https://support.tibco.com/s/hotfixes?id=a014z00000yUBWBAA4
- JRIO At-Scale 3.0.0: https://support.tibco.com/s/hotfixes?id=a014z00000yUBWGAA4
References
- For more information, see the TIBCO Apache Log4J Vulnerability Daily Update.
Document History
- Version 8.0 (March 8, 2022): Updated Log4j jar file versions from 2.17.0 to 2.17.1.
- Version 7.0 (January 7, 2022): Updated information for JRS 7.9.1 and JRS 7.8.0 HF2.
- Version 6.0 (December 23, 2021): Updated Log4j jar file versions from 2.16.0 to 2.17.0.
- Version 5.0 (December 20, 2021): Added list and instructions for additional third-party drivers (Neo4j, Spark, Impala) that need to be manually deleted from 8.0.0, 7.9.0, 7.8.0, and 7.5.0.
- Version 4.0 (December 17, 2021): Added JSS Pro, JRIO Pro, and JRIO At-Scale hotfix links.
- Version 3.2 (December 16, 2021): Added log4j sh script files.
- Version 3.1 (December 15, 2021): Minor edits to AWS Cluster Deployment Fix section.
- Version 3.0 (December 15, 2021): Added AWS Cluster Deployment Fix, updated Log4j jar file versions from 2.15.0 to 2.16.0; moved JasperReports Library Pro and JasperReports Library Community Edition to Products Not Affected list; updated Available Hotfix links.
- Version 2.0 (December 14, 2021) Added Available Hotfix links.
- Version 1.1 (December 13, 2021) Updated Reference bullet: https://community.jaspersoft.com/documentation/tibco-jasperreports-server-installation-guide/v790/introduction.
- Version 1.0 (December 13, 2021): Initial version.