IBM Business Automation Community Come for answers. Stay for best practices. All we’re missing is you. Join / Log in Ask a question
Need help on the Log4j Vulnerability, Few questions on this,
1.Log4j fix already applied on the WAS, do we still need to make an upgrade on IBM products(ICN, CaseBuilder) where log4j-1.2.17 is present in the war file lib, or WAS fix is enough?
2. Does Vulnerability affect custom batch jobs(Utilities) also? (we are using log4j-1.2.17, just to know we need to hurry or not at this point of time)
ICM - 5.2.1
I have the same challange using log4j-1.2.17 and does this equal Apache log4j version 2.17?
We have not made any changes as the impact would be on log4j 2.x.
Did they every get back to you if the version you had is the same as apache 2.17? I opened a support ticket as well to see how these version map. I would be very surprised if 11.2.1 is using apache log4j version 1.2.x that is really old. In fact Log4j 1.x had reached end of life according to Apache. Thus I think the 1. is IBM number but not sure yet. Unless you got a response?