IBM Application Runtimes Come for answers. Stay for best practices. All we’re missing is you. Join / Log in Ask a question
Other Resources
Liberty Guide on Log4j CVE-2021-44228, CVE-2021-4104 and CVE-2021-45046 from openliberty.io
Hi Hermann,PH42728 updates Log4j to a version that has the vulnerability remediated. PH42762 remediates the vulnerabilities by removing Log4j and hence, supersedes PH42728.The listings noted are for payloads within the fixes. They do not reflect what the fixes fully do, which will include relevant and necessary cleanup/removal operations.As you know, what is more important is to check what is there on the system(s) after the application of the fix(es). PH42762 is what is needed if one hasn't installed PH42728.Hope these help.
Hello Yee-Kang .. thanks for the quick response on this one. But I'm wondering as the latest fix PH42762 contains the following files:--- snip ---[hhuebler@hhuelinux hhue]$ unzip -l ./native/9.0.5.3-WS-WASProd-IFPH42762-1s-9.0.5003-1i.file.operations_9.0.5.20211215_0936.zipArchive: ./native/9.0.5.3-WS-WASProd-IFPH42762-1s-9.0.5003-1i.file.operations_9.0.5.20211215_0936.zipLength Date Time Name--------- ---------- ----- ----0 12-15-2021 09:52 installableApps/6951466 12-15-2021 09:52 installableApps/uddi.ear0 12-15-2021 09:52 systemApps/0 12-15-2021 09:52 systemApps/isclite.ear/0 12-15-2021 09:52 systemApps/isclite.ear/kc.war/0 12-15-2021 09:52 systemApps/isclite.ear/kc.war/WEB-INF/0 12-15-2021 09:52 systemApps/isclite.ear/kc.war/WEB-INF/lib/7901 12-15-2021 09:52 systemApps/isclite.ear/kc.war/WEB-INF/lib/slf4j-jdk14-1.7.7.jar--- snip ---while the PH42728 contains:--- snip ---[hhuebler@hhuelinux hhue2]$ unzip -l ./native/9.0.5.3-WS-WASProd-IFPH42728-1s-9.0.5003-1i.file.operations_9.0.5.20211212_1049.zipArchive: ./native/9.0.5.3-WS-WASProd-IFPH42728-1s-9.0.5003-1i.file.operations_9.0.5.20211212_1049.zipLength Date Time Name--------- ---------- ----- ----0 12-12-2021 10:58 installableApps/9024976 12-12-2021 10:58 installableApps/uddi.ear0 12-12-2021 10:58 systemApps/0 12-12-2021 10:58 systemApps/isclite.ear/0 12-12-2021 10:58 systemApps/isclite.ear/kc.war/0 12-12-2021 10:58 systemApps/isclite.ear/kc.war/WEB-INF/0 12-12-2021 10:58 systemApps/isclite.ear/kc.war/WEB-INF/lib/207880 12-12-2021 10:58 systemApps/isclite.ear/kc.war/WEB-INF/lib/log4j-1.2-api-2.15.0.jar301805 12-12-2021 10:58 systemApps/isclite.ear/kc.war/WEB-INF/lib/log4j-api-2.15.0.jar1789769 12-12-2021 10:58 systemApps/isclite.ear/kc.war/WEB-INF/lib/log4j-core-2.15.0.jar24232 12-12-2021 10:58 systemApps/isclite.ear/kc.war/WEB-INF/lib/log4j-slf4j-impl-2.15.0.jar--------- -------11348662 11 files--- snip ---