DevOps Automation

DevOps Automation

Join this online group to communicate across IBM product users and experts by sharing advice and best practices with peers and staying up to date regarding product enhancements.

 View Only
  • 1.  Are RPT and RFT version 10.2.1 susceptible to any of the log4j vulnerabilities?

    Posted Thu January 06, 2022 05:55 PM

    Hello,

    We're currently running RFT / RPT version 10.2.1. Security bulletins indicate that only certain RFT 9.x versions and the RPT JMeter test extension (which we're not using) are susceptible.

    I need to confirm that we do not need to install the Service Refresh 7 for IBM Java Runtime Technology version 8.0.

    Thank you


    #SupportMigration
    #RationalPerformanceTester
    #Support


  • 2.  RE: Are RPT and RFT version 10.2.1 susceptible to any of the log4j vulnerabilities?

    Posted Wed January 12, 2022 01:31 PM

    Sorry for late response, there was a site issue responding to questions.

    RFT is unaffected ref https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/

    RPT security bulletin is at https://www.ibm.com/support/pages/node/6538090

    Updating java is not a remediation step and unless specifically mentioned to do so in a security bulletin it would be an supported configuration

    Thank you


    #SupportMigration
    #RationalPerformanceTester
    #Support