Gregg:
If you are following normal and prudent procedures, you have installed 14.10.FC7W1 in a separate directory from .FC5 and that's why you are seeing Developer Edition. There is only one installer now, it installs the entire engine package but if you need to run an Edition other than Developer Edition, you need to reinstall the license package you installed along with .FC5. If you don't have it any longer, you should be able to download the license pack from your IBM account where you downloaded .FC5 originally.
Once you have the license pack, just shut down the instance(s), install the license, then when you restart the instance(s) it should start up in Enterprise Edition mode.
Art
------------------------------
Art S. Kagel, President and Principal Consultant
ASK Database Management Corp.
www.askdbmgt.com------------------------------
Original Message:
Sent: Sat February 05, 2022 03:12 PM
From: Gregg Walker
Subject: Informix Products and the Log4J vulnerability, Fixes Available
Hello,
We are trying to upgrade our 14.10.FC5 version to 14.10.FC7W1 with the fix provided at Fix Central.
IBM Support: Fix Central - Select fixes
However, it seems that fix only provides the installer jar for the developer edition? We are running enterprise. Where are those bits available or do we need to contact support?
Thank you kindly,
Gregg Walker
------------------------------
Gregg Walker
Original Message:
Sent: Fri January 07, 2022 11:26 AM
From: Martin Graney
Subject: Informix Products and the Log4J vulnerability, Fixes Available
David:
Yes, you should only be effected by the Log4j Vulnerability ( CVE-2021-44228 ) if you have installed HQ. However, if you have run the default IDS installation it automatically adds the HQ directory with the vulnerable JARs but nothing is running and hence vulnerable until you set up HQ and it is running.
IBM has released version 14.10.FC7W1 that includes the Log4J 2.17 version JARs.
------------------------------
Best regards,
Martin Graney
Queues Enforth Development, Inc.
Woburn, MA 01801
Original Message:
Sent: Fri January 07, 2022 10:40 AM
From: David Williams
Subject: Informix Products and the Log4J vulnerability, Fixes Available
Hi,
Is Informix only affected if you are using InformixHQ?
David.
------------------------------
David Williams
Original Message:
Sent: Fri January 07, 2022 07:59 AM
From: Scott Pickett
Subject: Informix Products and the Log4J vulnerability, Fixes Available
As you know, IBM informix has been affected by the Log4j vulnerability. There are three separate issues here, all of which are fixed by the latest fixes to Informix Server versions 12.10.FC15 and 14.10.FC6 and 14.10.FC7 for all editions.
Today we have posted the latest release of Informix 14.10.FC7W1 to Fix Central here:
This new release is an outright replacement for 14.10.FC6 and 14.10.FC7; these releases are going to be discontinued and permanently withdrawn from service. You should discontinue all usage of 14.10.FC6 and 14.10.FC7 as soon as possible as they are not secure across all editions.
Today we have posted the latest release of Informix 12.10.FC15 to Fix Central here:
There are two updated files at the link above which are the Informix-server.jar and informix-agent.jar files for InformixHQ, for the current release of InformixHQ 1.6.3. These are the same files incorporated into 14.10.FC7W1. There will be a full pack release of 12.10.FC15W1 with the installer for release number purposes in the near future. You should apply the interim fix to the 12.10,FC15 release, as it is not secure across all editions and will be withdrawn permanently from service once the new fix is GA, the date for which is presently unknown.
Finally, the Informix Cloud Pak For Data 4.0.5 will be GA on Jan 16 and also has the Informix fixes for the NEO4J within and available. Upgrade instructions links below will be updated on January 16th with updated commands:
If you are running earlier versions of Informix Cloud Pak for Data based on Informix 14.10.FC6 or Informix 14.10.FC7, for any available Informix Edition, be advised that those Informix Editions have the known log4j security vulnerabilities and should no longer be run. You should upgrade your version of Informix Cloud Pak for Data as soon as possible.
The 14.10 Fix applies to users with Informix On Cloud that are using any of the above affected versions of Informix. The fix for Informix on Cloud users is the same as outlined above.
The above are the only known IBM Informix server products at this time to be affected by the Log4J vulnerability.
Further info:
Log4j Vulnerability ( CVE-2021-44228 ) in IBM Informix workaround
Scott Pickett
IBM Informix WW Technical Sales IBM Expert Labs
IBM Informix WW Cloud Technical Sales IBM Expert Labs
IBM Informix WW Cloud Technical Sales ICIAE IBM Expert Labs
IBM Informix WW Informix Warehouse Accelerator Sales IBM Expert Labs
Boston, Massachusetts USA
spickett@us.ibm.com617-899-7549
33 Years Informix User
The current Informix Roadshow presentations are here:
#Informix