got it, thank you - fix for
6.0.0.x was released today, I was checking yesterday
------------------------------
Lucas Kadzinski
------------------------------
Original Message:
Sent: Thu December 16, 2021 07:59 PM
From: Wai Man Wong
Subject: log4j vulnerability Connect:Direct for Windows 6.1.0.2
Version 6.1 and 4.8 has released the fix on CVE-2021-44228. .........please go to IBM fix central and check .....
4.8.0.3_iFix037: MFT-12770 / APAR IT39370 / CVE-2021-44228
Description of Issue: There is a vulnerability in Apache Log4j used by Install Agent in IBM Sterling Connect:Direct for Microsoft Windows. IBM Sterling Connect:Direct for Microsoft Windows has addressed the applicable CVE.
Description of Fix: Updated log4j in Install Agent.
Fix Availability Date: 13 December 2021
High Impact: Y
Reported Severity: 1
------------------------------
Wai Man Wong
Original Message:
Sent: Thu December 16, 2021 11:45 AM
From: Lucas Kadzinski
Subject: log4j vulnerability Connect:Direct for Windows 6.1.0.2
The fix available from IBM fix central is from before log4j announcement and doesn't mention it at all...
Is Connect:Direct affected by this in a first place?
------------------------------
Lucas Kadzinski
Original Message:
Sent: Wed December 15, 2021 01:12 AM
From: Wai Man Wong
Subject: log4j vulnerability Connect:Direct for Windows 6.1.0.2
fix is available and please download it from IBM fix central.
------------------------------
Wai Man Wong
Original Message:
Sent: Sat December 11, 2021 11:12 PM
From: Julie Miller
Subject: log4j vulnerability Connect:Direct for Windows 6.1.0.2
Hi,
Has anyone got any information on a fix for this as yet?
Thanks,
Julie
------------------------------
Julie Miller
------------------------------
#filetransfer
#DataExchange