Good morning,
Enterprise vulnerability scans are identifying the Log4J instance on CmapTools to be vulnerable for two reasons:
Path: C:\Program Files\IHMC CmapTools\classes\log4j-1.2.12.jar
1. Apache considers 1.x to be end of life
2. Several CVEs apply to the version of log4j CmapTools uses - https://logging.apache.org/log4j/1.2/
Whether or not the listed CVEs are actually applicable to the instance of CmapTools, the industry I work in requires a response to software instances that are end of life. I see forum traffic from Dec 2021 where an update to Log4j was planned for CmapTools. Is that still in progress?
Thanks,
Updating Log4J Past 1.2?
Forum rules
Before you post a problem or bug, please be sure you have included the version number of IHMC CmapTools, the operating system and version, the amount of RAM, and any other information that allows us to be able to replicate the problem you are having. (i.e. what were you doing when the problem occur? were you running another program (application) by the time you have the problem?)
Before you post a problem or bug, please be sure you have included the version number of IHMC CmapTools, the operating system and version, the amount of RAM, and any other information that allows us to be able to replicate the problem you are having. (i.e. what were you doing when the problem occur? were you running another program (application) by the time you have the problem?)
-
cmapadmin
- Site Admin
- Posts: 788
- Joined: Sat Dec 13, 2008 2:22 pm
Re: Updating Log4J Past 1.2?
Hi,
We are beta testing the new version. Should be made public soon.
We are beta testing the new version. Should be made public soon.
-
thomasfrank
- Posts: 2
- Joined: Mon Nov 20, 2023 3:23 am