This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
bheinemann
Level 2
‎Dec 14, 2021 07:02 AM

Log4j Exploit

Is version 11.13.1.1 we are currently using affected by the current problems with Log4J?

0 Kudos
(2) Replies
jyadav
Flexera Alumni
‎Dec 14, 2021 07:08 AM

FNP Log4j is used in one of our example codes and is not used as part of any functionality. If the you uses that example then you are vulnerable. You can upgrade the component yourself.

Path : C:\Program Files\FlexNet Publisher 64-bit License Server Manager\examples\alerter\lib\log4j-1.2.8.jar

FNP customer latest update
---------------
Here you can find our official document for the same https://community.flexera.com/t5/Revenera-Company-News/Security-Advisory-Log4j-Java-Vulnerability-CVE-2021-44228/ba-p/216905
as for as FNP 11.18.3 will disable now from PLC and the new version will be uploaded shortly after the fix with the following:

Log4j version has been upgraded to 2.15 in the example section and submitted.
Re-packaged kits will be uploaded to PLC with the new version 11.18.3.1. This will be available in the PLC shortly.
--------
For the old version of FNP, you can follow the above workaround or use the latest version of FNP which will have the fix included.

mrathinam
Revenera Moderator Revenera Moderator
Revenera Moderator
In response to jyadav
‎Dec 14, 2021 07:47 AM

Hi @bheinemann,

   After updated with latest log4j you should see the following files under C:\Program Files\FlexNet Publisher 64-bit License Server Manager\examples\alerter\lib\<find the below image for the files>
log4j FNP after update.png

or log4j-2.26.0.jar also can be replaced.  

Best Regards,