Solved: Log4j vulnerability on FNMEA Agent

Rince_Antony · ‎Dec 01, 2022

Hi All,

We can see log4j-1.2.17.jar being used by FNMEA Agent 5.6.0.0. Is there a version of the Flexnet Manager for Engineering Applications agent that uses the latest Log4j?

If not, what is the best option to remediate the Log4j vulnerability? Appreciate any help!

tschaus · ‎Dec 01, 2022

@Rince_Antony The latest FNMEA Agent is v.5.10. We actually adressed the Log4j vulnerability issue in FNMEA Agent v. 5.9. Details of the new FNMEA releases can be found here: https://docs.flexera.com/?product=FlexNet%20Manager%20for%20Engineering%20Applications

View solution in original post

tschaus · ‎Dec 01, 2022

@Rince_Antony The latest FNMEA Agent is v.5.10. We actually adressed the Log4j vulnerability issue in FNMEA Agent v. 5.9. Details of the new FNMEA releases can be found here: https://docs.flexera.com/?product=FlexNet%20Manager%20for%20Engineering%20Applications

Rince_Antony · ‎Dec 01, 2022

@tschaus Thanks for the prompt response! Appreciate the same.

I tried to open the link to the release notes for FNMEA Agent 5.10 and it gives me a 404 error. The link is below for your reference. We will try to upgrade the agent 5.10. Thank you!

https://docs.flexera.com/fnmea/2022r1/pdf/FlexNetAgent_510_Release_Notes.pdf

tschaus · ‎Dec 01, 2022

We will have this fixed asap.