darth_fader Posted December 20, 2021

Tibco,

A new log4j vulnerability has been identified, CVE-2021-45105, and the issue is resolved in log4j 2.17.0. Are there any plans to release a hotfix/patch to address this new vulnerability? The latest hotfix for enterprise licenses doesn't address this vulnerability.

In the meantime we're going to try upgrading manually to log4j 2.17.0, but as enterprise licensees, we'd prefer an official patch from Tibco. And thank you all for being so responsive around these issues, I know there are a number of TIBCO Java-based products impacted.

darth_fader Posted December 20, 2021

FYI, simply replacing 2.16.0 with 2.17.0 results in the following:

SLF4J: Failed to load class "org.slf4j.impl.StaticLoggerBinder".
SLF4J: Defaulting to no-operation (NOP) logger implementation
SLF4J: See http://www.slf4j.org/codes.html#StaticLoggerBinder for further details.

Which equates to no logging. So we're just going to wait for an official patch and hope for the best.

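A check one could run on a lib directory after a manual jar swap like the one in the post above, as an added example that is not from the thread or from TIBCO: it lists log4j jars still below 2.17.0, the distinct versions present, and which jars contain the `org.slf4j.impl.StaticLoggerBinder` class named in the SLF4J warning. The function names, the filename pattern and the sample jars are assumptions constructed for illustration.

```python
import re
import tempfile
import zipfile
from pathlib import Path

FIXED = (2, 17, 0)  # release the thread cites as resolving CVE-2021-45105
BINDER = "org/slf4j/impl/StaticLoggerBinder.class"  # class named in the SLF4J warning
# Assumed naming convention: log4j-<module>-<major>.<minor>.<patch>.jar
JAR_RE = re.compile(r"^log4j-[a-z0-9.-]+?-(\d+)\.(\d+)\.(\d+)\.jar$")


def audit_lib_dir(lib_dir):
    """Return (log4j jars below FIXED, distinct versions seen, jars holding BINDER)."""
    outdated, versions, binders = [], set(), []
    for jar in sorted(Path(lib_dir).glob("*.jar")):
        m = JAR_RE.match(jar.name)
        if m:
            version = tuple(int(part) for part in m.groups())
            versions.add(version)
            if version < FIXED:
                outdated.append(jar.name)
        try:
            with zipfile.ZipFile(jar) as zf:
                if BINDER in zf.namelist():
                    binders.append(jar.name)
        except zipfile.BadZipFile:
            pass  # unreadable archive: only the filename check applies
    return outdated, sorted(versions), binders


def make_sample_lib(root, jars):
    """Write constructed stand-in jars from {filename: [zip entry names]}."""
    for name, entries in jars.items():
        with zipfile.ZipFile(Path(root) / name, "w") as zf:
            for entry in entries:
                zf.writestr(entry, b"")
    return Path(root)


if __name__ == "__main__":
    # Constructed sample: api/core swapped to 2.17.0, binding jar still at 2.16.0.
    with tempfile.TemporaryDirectory() as tmp:
        lib = make_sample_lib(tmp, {
            "log4j-api-2.17.0.jar": ["org/apache/logging/log4j/Logger.class"],
            "log4j-core-2.17.0.jar": ["org/apache/logging/log4j/core/Logger.class"],
            "log4j-slf4j-impl-2.16.0.jar": [BINDER],
        })
        outdated, versions, binders = audit_lib_dir(lib)
        print("below 2.17.0:", outdated)
        print("versions present:", versions)
        print("jars providing StaticLoggerBinder:", binders or "none")
```

More than one version in the second result, or an empty third result, means the swap left the directory in a mixed or binding-less state worth resolving before relying on the application's logs.
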
darth_fader Posted December 22, 2021

Patches have been released, FYI. Thank you TIBCO/Jasper Dev Team!

https://www.tibco.com/support/notices/2021/12/apache-log4j-vulnerability-update