Message Image

Log in

Skip to main content (Press Enter).

Skip auxiliary navigation (Press Enter).

IBM Application Runtimes Come for answers. Stay for best practices. All we’re missing is you. Join / Log in Ask a question

Skip main navigation (Press Enter).

DevOps Automation

View Only

Expand all | Collapse all

Are RPT and RFT version 10.2.1 susceptible to any of the log4j vulnerabilities?

Community Support AdminThu January 06, 2022 05:55 PM

Hello, We're currently running RFT / RPT version 10.2.1. Security bulletins indicate that only certain ...

Community Support AdminWed January 12, 2022 01:31 PM

Sorry for late response, there was a site issue responding to questions. RFT is unaffected ref https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/ ...

1. Are RPT and RFT version 10.2.1 susceptible to any of the log4j vulnerabilities?

0 Like
Community Support Admin
Posted Thu January 06, 2022 05:55 PM

Reply
Hello,
We're currently running RFT / RPT version 10.2.1. Security bulletins indicate that only certain RFT 9.x versions and the RPT JMeter test extension (which we're not using) are susceptible.
I need to confirm that we do not need to install the Service Refresh 7 for IBM Java Runtime Technology version 8.0.
Thank you

#SupportMigration
#RationalPerformanceTester
#Support
2. RE: Are RPT and RFT version 10.2.1 susceptible to any of the log4j vulnerabilities?

0 Like
Community Support Admin
Posted Wed January 12, 2022 01:31 PM

Reply
Sorry for late response, there was a site issue responding to questions.
RFT is unaffected ref https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/
RPT security bulletin is at https://www.ibm.com/support/pages/node/6538090
Updating java is not a remediation step and unless specifically mentioned to do so in a security bulletin it would be an supported configuration
Thank you

#SupportMigration
#RationalPerformanceTester
#Support

Powered by Higher Logic