Hi!
Well, that's not final proof, but there is at least one indication, that HMCs might not be affected:
hscroot@mqde01hmcsap01:~> ls /usr/share/java/log4j*
/usr/share/java/log4j12-1.2.17.jar /usr/share/java/log4j-1.2.17.jar /usr/share/java/log4j-1.jar
So while log4j is installed, that version isn't affected.... Disclaimer: That doesn't mean, that there is an affected version installed anywere else.
Best regards,
Alexander
PS: Looking at HMC V9R2 M950.
------------------------------
Alexander Reichle-Schmehl
------------------------------
Original Message:
Sent: Mon December 13, 2021 09:16 AM
From: Matt Dulson
Subject: HMC and Log4j
Hi,
anyone have any idea if the HMC is in any way affected by the recent log4j vulnerability?
Would be nice to know if I need to start the planning of emergency HMC updates or not.
If all else fails I can log a call with IBM but wondered if anyone else had already been privy to any relevant info.
Matt
------------------------------
Matt Dulson
------------------------------