Updating Log4J Past 1.2?
Posted: Wed Oct 11, 2023 10:43 am
Good morning,
Enterprise vulnerability scans are identifying the Log4J instance on CmapTools to be vulnerable for two reasons:
Path: C:\Program Files\IHMC CmapTools\classes\log4j-1.2.12.jar
1. Apache considers 1.x to be end of life
2. Several CVEs apply to the version of log4j CmapTools uses - https://logging.apache.org/log4j/1.2/
Whether or not the listed CVEs are actually applicable to the instance of CmapTools, the industry I work in requires a response to software instances that are end of life. I see forum traffic from Dec 2021 where an update to Log4j was planned for CmapTools. Is that still in progress?
Thanks,