our Blackduck scan for InstallAnywhere Linux installer has detected log4j vulnerability in the installer extraction. screenshot attached. We are using IA 2021. Do let us know how we can fix this.
Hello @theone_sumit - Thank you for contacting us about the potential issue. I have passed this on to the InstallAnywhere product team for validation. We will respond with the results of our findings and potential paths to solution (if required).
We have removed all references of log4j in InstallAnywhere 2022 and later. We would recommend upgrading to the latest version.
We checked the screenshot shared from IA 2021 version and it looks like log4j dependency is added for some custom actions used in the project. To investigate this further, could you please reply to a private message that we had sent a week back requesting for additional details?
