BPM, Workflow, and Case

 View Only

  • 1.  Log4j Upgrade - Need Info

    Posted Wed December 15, 2021 04:44 PM

    Hi ,

    Need help on the Log4j Vulnerability, Few questions on this,

    1.Log4j fix already applied on the WAS, do we still need to make an upgrade on IBM products(ICN, CaseBuilder) where log4j-1.2.17 is present in the war file lib, or WAS fix is enough?

    2. Does Vulnerability affect custom batch jobs(Utilities) also? (we are using log4j-1.2.17, just to know we need to hurry or not at this point of time)

    Env Details,

    ICM - 5.2.1

    ICN 203.7

    CPE 5.2



    #CaseManager
    #Support
    #SupportMigration


  • 2.  RE: Log4j Upgrade - Need Info

    Posted Tue April 12, 2022 01:36 PM

    I have the same challange using log4j-1.2.17 and does this equal Apache log4j version 2.17?



    #CaseManager
    #Support
    #SupportMigration


  • 3.  RE: Log4j Upgrade - Need Info

    Posted Tue April 12, 2022 01:42 PM

    Hi ,


    We have not made any changes as the impact would be on log4j 2.x.


    Regards,

    Shiva



    #CaseManager
    #Support
    #SupportMigration


  • 4.  RE: Log4j Upgrade - Need Info

    Posted Tue April 12, 2022 02:01 PM

    Did they every get back to you if the version you had is the same as apache 2.17? I opened a support ticket as well to see how these version map. I would be very surprised if 11.2.1 is using apache log4j version 1.2.x that is really old. In fact Log4j 1.x had reached end of life according to Apache. Thus I think the 1. is IBM number but not sure yet. Unless you got a response?



    #CaseManager
    #Support
    #SupportMigration