Adam, I would second what Todd recommended. I have crossed that bridge recently and learned quickly, not to cross that bridge again!
Kevin Samuelson
Senior Technical Cognos Consultant Software Developer
Jenzabar Product Development
O - 857.504.9923
C - 620.474.4213
kevin.samuelson@jenzabar.com
Join us May 31-June 3, 2023 at
Register now!
Original Message:
Sent: 5/8/2023 11:07:00 AM
From: Todd Schuman
Subject: RE: CA 11.1.7 - Log4j Addressed Release/Version
Hi Adam,
You can do that, but I would recommend using the Fix Packs instead. The manual process involves modifying some of the source code and if you upgrade later, you are going to have to revert back to the original which is easy to forget months later.
-Todd
------------------------------
Todd Schuman
------------------------------
Original Message:
Sent: Fri May 05, 2023 08:40 AM
From: Adam McIlravey
Subject: CA 11.1.7 - Log4j Addressed Release/Version
In lieu of performing an upgrade, I found the below on IBM Support - Is this still a way to become fully Log4j compliant?
Link is: https://www.ibm.com/support/pages/node/6534624?mhsrc=ibmsearch_a&mhq=Cognos%20Analytics%20vulnerability%20%26lpar%3BCVE-2021-44228%26rpar%3B%20
Thanks again,
Adam.
------------------------------
Adam McIlravey
Original Message:
Sent: Fri May 05, 2023 07:58 AM
From: Todd Schuman
Subject: CA 11.1.7 - Log4j Addressed Release/Version
Hi Adam,
It looks like you are on 11.1.7 IF7 which was before the log4j patching occurred. The best version to go to at this time would be FP6 if you are staying on 11.1.7 or 11.2.4.1 if you want to use this time to get to the newest version which is also now in long term support (LTS). There was an issue with 11.2.4 Fix Pack 1, so 11.2.4.1 is the most recent/stable version.
Let me know if you need any help.
-Todd
------------------------------
Todd Schuman
Original Message:
Sent: Thu May 04, 2023 01:29 PM
From: Adam McIlravey
Subject: CA 11.1.7 - Log4j Addressed Release/Version
We are on version=11.1.7-2112191704 and have been since around I believe December 2021/January 2022.
I believe this is CA 11.1.7 FP4, but I am not 100% sure.
At that time, we believed this version to be Log4j compliant, but our security team is suggesting a necessary upgrade to FP9.
Obviously, if we have to do an upgrade at this time, I'd much rather go to one of the latest CA 11.2.4 releases.
However, I just need to know, is version=11.1.7-2112191704 Log4j compliant?
Thanks in advance,
------------------------------
Adam McIlravey
------------------------------