- Revenera Community
- :
- FlexNet Publisher
- :
- FlexNet Publisher Forum
- :
- Re: Log4j Exploit
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Subscribe
- Mute
- Printer Friendly Page
- Mark as New
- Subscribe
- Mute
- Permalink
- Report Inappropriate Content
Log4j Exploit
Is version 11.13.1.1 we are currently using affected by the current problems with Log4J?
- Mark as New
- Subscribe
- Mute
- Permalink
- Report Inappropriate Content
FNP Log4j is used in one of our example codes and is not used as part of any functionality. If the you uses that example then you are vulnerable. You can upgrade the component yourself.
Path : C:\Program Files\FlexNet Publisher 64-bit License Server Manager\examples\alerter\lib\log4j-1.2.8.jar
FNP customer latest update
---------------
Here you can find our official document for the same https://community.flexera.com/t5/Revenera-Company-News/Security-Advisory-Log4j-Java-Vulnerability-CVE-2021-44228/ba-p/216905
as for as FNP 11.18.3 will disable now from PLC and the new version will be uploaded shortly after the fix with the following:
Log4j version has been upgraded to 2.15 in the example section and submitted.
Re-packaged kits will be uploaded to PLC with the new version 11.18.3.1. This will be available in the PLC shortly.
--------
For the old version of FNP, you can follow the above workaround or use the latest version of FNP which will have the fix included.
- Mark as New
- Subscribe
- Mute
- Permalink
- Report Inappropriate Content
Hi @bheinemann,
After updated with latest log4j you should see the following files under C:\Program Files\FlexNet Publisher 64-bit License Server Manager\examples\alerter\lib\<find the below image for the files>
or log4j-2.26.0.jar also can be replaced.
Best Regards,