Global Data Management Forum

Short description: Apache Log4j Unsupported Version Detection

Priority: 2 - High

Description: A logging library running on the remote host is no longer supported.
Upgrade to a version of Apache Log4j that is currently supported.

Upgrading to the latest versions for Apache Log4j is highly recommended as intermediate versions / patches have known high severity vulnerabilities and the vendor is updating their advisories often as new research and knowledge about the impact of Log4j is discovered. Refer to https://logging.apache.org/log4j/2.x/security.html for the latest versions.
Path: C:\Program Files\IBM\SDPShared\plugins\com.ibm.nex.3rdparty.apache_2.2.0.v20100417_1714\lib\log4j-1.2.14.jar
Installed version: 1.2.14

Path: C:\Program Files\IBM\SDPShared\plugins\com.hp.hpl.jena.rdf_2.6.3.v20171117_2207\log4j-1.2.14.jar
Installed version: 1.2.14

• IBM Data Server Client
• IBM Data Server Driver Package

Hello Zenon, We are facing same issue as the one you have described. Could you please share what steps you took to remediate it?

Short description: Apache Log4j Unsupported Version Detection

Priority: 2 - High

Description: A logging library running on the remote host is no longer supported.
Upgrade to a version of Apache Log4j that is currently supported.

Upgrading to the latest versions for Apache Log4j is highly recommended as intermediate versions / patches have known high severity vulnerabilities and the vendor is updating their advisories often as new research and knowledge about the impact of Log4j is discovered. Refer to https://logging.apache.org/log4j/2.x/security.html for the latest versions.
Path: C:\Program Files\IBM\SDPShared\plugins\com.ibm.nex.3rdparty.apache_2.2.0.v20100417_1714\lib\log4j-1.2.14.jar
Installed version: 1.2.14

Path: C:\Program Files\IBM\SDPShared\plugins\com.hp.hpl.jena.rdf_2.6.3.v20171117_2207\log4j-1.2.14.jar
Installed version: 1.2.14

• IBM Data Server Client
• IBM Data Server Driver Package

Short description: Apache Log4j Unsupported Version Detection

Priority: 2 - High

Description: A logging library running on the remote host is no longer supported.
Upgrade to a version of Apache Log4j that is currently supported.

Upgrading to the latest versions for Apache Log4j is highly recommended as intermediate versions / patches have known high severity vulnerabilities and the vendor is updating their advisories often as new research and knowledge about the impact of Log4j is discovered. Refer to https://logging.apache.org/log4j/2.x/security.html for the latest versions.
Path: C:\Program Files\IBM\SDPShared\plugins\com.ibm.nex.3rdparty.apache_2.2.0.v20100417_1714\lib\log4j-1.2.14.jar
Installed version: 1.2.14

Path: C:\Program Files\IBM\SDPShared\plugins\com.hp.hpl.jena.rdf_2.6.3.v20171117_2207\log4j-1.2.14.jar
Installed version: 1.2.14

The only IBM products installed are DB2 Connect related: 

• IBM Data Server Client
• IBM Data Server Driver Package

Are there instructions as to how to replace the old log4j version with the fixed version?  I uninstalled the old DB2 Connect v11.1 and installed the v11.5 FP 7 version in hopes that it would have replaced log4j in the directories above.

Any help would be greatly appreciated!  I doubt that following the instructions on https://logging.apache.org/log4j/2.x/manual/migration.html would work, would it?!?

Thank you in advance!

------------------------------
Zenon Piatek
------------------------------

#DataManagementGlobal
#DataServerDrivers