Is Cmap Tools affected by the Log4J security vulnerabilities?

Having problems with IHMC CmapTools? Think you have found a bug? Let us know!
Forum rules
Before you post a problem or bug, please be sure you have included the version number of IHMC CmapTools, the operating system and version, the amount of RAM, and any other information that allows us to be able to replicate the problem you are having. (i.e. what were you doing when the problem occur? were you running another program (application) by the time you have the problem?)
HaraldR
Posts: 3
Joined: Tue Dec 14, 2021 9:20 am

Re: Is Cmap Tools affected by the Log4J security vulnerabilities?

Post by HaraldR »

Thank you very much for your reply.

We want to remove the java class JMSAppender from the jar file. But it would be much better, if you do so by providing a new (sub)release, or else we would have to remove it in each new release in our organizational context. We are pretty sure, that many users would feel better, if you do so.
Would you be so kind as to give us a positive answer to our request?
HaraldR
Posts: 3
Joined: Tue Dec 14, 2021 9:20 am

Re: Is Cmap Tools affected by the Log4J security vulnerabilities?

Post by HaraldR »

IHMC CmapTools: 6.04 – Windows – as a pure client application
Preferences:
Autosave: Save Cmaps Every 1 minute(s)
Cloud Account: Cloud Account is not used.
Places & Servers: Internet Host Name = *.ihmc.us Port 8080 or 80 + WebServerPort = 443
Directories of Places: Internet Host Name = dop.ihmc.us: activated = true / Port = 80 / Web Server Port = 8001
Discussion Threads = Keep my user ID anonymous = false
Proxy Configuration = do not use proxy server = true
---

Thank you very much for your reply.
We want to remove the java class JMSAppender from the jar file. But it would be much better, if you do so by providing a new (sub)release, or else we would have to remove it in each new release in our organizational context. We are pretty sure, that many users would feel better, if you do so. Would you be so kind as to give us a positive answer to our request?
cmapadmin
Site Admin
Posts: 797
Joined: Sat Dec 13, 2008 2:22 pm

Re: Is Cmap Tools affected by the Log4J security vulnerabilities?

Post by cmapadmin »

We are working on preparing a new release with an updated log4j. We'll let you know as soon as its ready.
cmapadmin
Site Admin
Posts: 797
Joined: Sat Dec 13, 2008 2:22 pm

Re: Is Cmap Tools affected by the Log4J security vulnerabilities?

Post by cmapadmin »

We'll look into removing the JMSAppender class in this new release.
Post Reply