darth_fader Posted December 14, 2021 Share Posted December 14, 2021 Curious when TIBCO plans to address the log4j vulnerability for jasper server? Haven't seen anything in the community or the premium portal. We're running 7.5.x Enterprise, and resolving this should be as simple as upgrading log4j from the supplied 2.12.1 (vulnerable) to 2.15 (not vulnerable). But because it's an Enterprise license, we're waiting on an official patch. Any estimates? I haven't seen or heard anything from TIBCO about addressing this for Jasper, and it's been several days since fixes were released for other TIBCO products.Four days of postings with no mention of Jasper:https://www.tibco.com/services/support/public-notices Link to comment Share on other sites More sharing options...
jacquie.kelly Posted December 15, 2021 Share Posted December 15, 2021 Just in case you missed it, a mitigation document and patch have now been released - https://support.tibco.com/s/article/TIBCO-Jaspersoft-Mitigation-for-CVE-2021-44228-Log4Shell Link to comment Share on other sites More sharing options...
gustavofarias Posted December 15, 2021 Share Posted December 15, 2021 https://logging.apache.org/log4j/2.x/security.html"It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations." Link to comment Share on other sites More sharing options...
darth_fader Posted December 15, 2021 Author Share Posted December 15, 2021 Jacquie did you receive a direct notification on that? An email or some notice in the premium portal? I didn't receive anything. Definitely didn't see it and they're not including that on their support public notices. Thank you for sharing that solution! Link to comment Share on other sites More sharing options...
djohnson53 Posted December 15, 2021 Share Posted December 15, 2021 darth_faderYou didn't look far enough down the page (https://www.tibco.com/services/support/public-notices) Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now