DevOps Automation

 View Only
Expand all | Collapse all

Are RPT and RFT version 10.2.1 susceptible to any of the log4j vulnerabilities?

  • 1.  Are RPT and RFT version 10.2.1 susceptible to any of the log4j vulnerabilities?

    Posted Thu January 06, 2022 05:55 PM

    Hello,

    We're currently running RFT / RPT version 10.2.1. Security bulletins indicate that only certain RFT 9.x versions and the RPT JMeter test extension (which we're not using) are susceptible.

    I need to confirm that we do not need to install the Service Refresh 7 for IBM Java Runtime Technology version 8.0.

    Thank you


    #SupportMigration
    #RationalPerformanceTester
    #Support


  • 2.  RE: Are RPT and RFT version 10.2.1 susceptible to any of the log4j vulnerabilities?

    Posted Wed January 12, 2022 01:31 PM

    Sorry for late response, there was a site issue responding to questions.

    RFT is unaffected ref https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/

    RPT security bulletin is at https://www.ibm.com/support/pages/node/6538090

    Updating java is not a remediation step and unless specifically mentioned to do so in a security bulletin it would be an supported configuration

    Thank you


    #SupportMigration
    #RationalPerformanceTester
    #Support