Cognos Analytics

We are on version=11.1.7-2112191704 and have been since around I believe December 2021/January 2022.

I believe this is CA 11.1.7 FP4, but I am not 100% sure.

At that time, we believed this version to be Log4j compliant, but our security team is suggesting a necessary upgrade to FP9.

Obviously, if we have to do an upgrade at this time, I'd much rather go to one of the latest CA 11.2.4 releases.

However, I just need to know, is version=11.1.7-2112191704 Log4j compliant?

Thanks in advance,

------------------------------
Adam McIlravey
------------------------------

We are on version=11.1.7-2112191704 and have been since around I believe December 2021/January 2022.

I believe this is CA 11.1.7 FP4, but I am not 100% sure.

At that time, we believed this version to be Log4j compliant, but our security team is suggesting a necessary upgrade to FP9.

Obviously, if we have to do an upgrade at this time, I'd much rather go to one of the latest CA 11.2.4 releases.

However, I just need to know, is version=11.1.7-2112191704 Log4j compliant?

Thanks in advance,

------------------------------
Adam McIlravey
------------------------------

Hi Adam,

It looks like you are on 11.1.7 IF7 which was before the log4j patching occurred.  The best version to go to at this time would be FP6 if you are staying on 11.1.7 or 11.2.4.1 if you want to use this time to get to the newest version which is also now in long term support (LTS).  There was an issue with 11.2.4 Fix Pack 1, so 11.2.4.1 is the most recent/stable version.

Let me know if you need any help.

-Todd

We are on version=11.1.7-2112191704 and have been since around I believe December 2021/January 2022.

I believe this is CA 11.1.7 FP4, but I am not 100% sure.

At that time, we believed this version to be Log4j compliant, but our security team is suggesting a necessary upgrade to FP9.

Obviously, if we have to do an upgrade at this time, I'd much rather go to one of the latest CA 11.2.4 releases.

However, I just need to know, is version=11.1.7-2112191704 Log4j compliant?

Thanks in advance,

------------------------------
Adam McIlravey
------------------------------

In lieu of performing an upgrade, I found the below on IBM Support - Is this still a way to become fully Log4j compliant?

Link is: https://www.ibm.com/support/pages/node/6534624?mhsrc=ibmsearch_a&mhq=Cognos%20Analytics%20vulnerability%20%26lpar%3BCVE-2021-44228%26rpar%3B%20

Thanks again,
Adam.

Hi Adam,

It looks like you are on 11.1.7 IF7 which was before the log4j patching occurred.  The best version to go to at this time would be FP6 if you are staying on 11.1.7 or 11.2.4.1 if you want to use this time to get to the newest version which is also now in long term support (LTS).  There was an issue with 11.2.4 Fix Pack 1, so 11.2.4.1 is the most recent/stable version.

Let me know if you need any help.

-Todd

We are on version=11.1.7-2112191704 and have been since around I believe December 2021/January 2022.

I believe this is CA 11.1.7 FP4, but I am not 100% sure.

At that time, we believed this version to be Log4j compliant, but our security team is suggesting a necessary upgrade to FP9.

Obviously, if we have to do an upgrade at this time, I'd much rather go to one of the latest CA 11.2.4 releases.

However, I just need to know, is version=11.1.7-2112191704 Log4j compliant?

Thanks in advance,

------------------------------
Adam McIlravey
------------------------------

Hi Adam,

You can do that, but I would recommend using the Fix Packs instead.  The manual process involves modifying some of the source code and if you upgrade later, you are going to have to revert back to the original which is easy to forget months later.

-Todd

In lieu of performing an upgrade, I found the below on IBM Support - Is this still a way to become fully Log4j compliant?

Link is: https://www.ibm.com/support/pages/node/6534624?mhsrc=ibmsearch_a&mhq=Cognos%20Analytics%20vulnerability%20%26lpar%3BCVE-2021-44228%26rpar%3B%20

Thanks again,
Adam.

------------------------------
Adam McIlravey

Original Message:
Sent: Fri May 05, 2023 07:58 AM
From: Todd Schuman
Subject: CA 11.1.7 - Log4j Addressed Release/Version

Hi Adam,

It looks like you are on 11.1.7 IF7 which was before the log4j patching occurred.  The best version to go to at this time would be FP6 if you are staying on 11.1.7 or 11.2.4.1 if you want to use this time to get to the newest version which is also now in long term support (LTS).  There was an issue with 11.2.4 Fix Pack 1, so 11.2.4.1 is the most recent/stable version.

Let me know if you need any help.

-Todd

We are on version=11.1.7-2112191704 and have been since around I believe December 2021/January 2022.

I believe this is CA 11.1.7 FP4, but I am not 100% sure.

At that time, we believed this version to be Log4j compliant, but our security team is suggesting a necessary upgrade to FP9.

Obviously, if we have to do an upgrade at this time, I'd much rather go to one of the latest CA 11.2.4 releases.

However, I just need to know, is version=11.1.7-2112191704 Log4j compliant?

Thanks in advance,

------------------------------
Adam McIlravey
------------------------------

We are on version=11.1.7-2112191704 and have been since around I believe December 2021/January 2022.

I believe this is CA 11.1.7 FP4, but I am not 100% sure.

At that time, we believed this version to be Log4j compliant, but our security team is suggesting a necessary upgrade to FP9.

Obviously, if we have to do an upgrade at this time, I'd much rather go to one of the latest CA 11.2.4 releases.

However, I just need to know, is version=11.1.7-2112191704 Log4j compliant?

Thanks in advance,

------------------------------
Adam McIlravey
------------------------------