cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
theone_sumit
Level 4

installanywhere 2021 log4j vulnarablity detacted

hello team,

our Blackduck scan for InstallAnywhere Linux installer has detected log4j vulnerability in the installer extraction.  screenshot attached. We are using IA 2021. Do let us know how we can fix this. 

Thanks
Sumit

 

 

0 Kudos
(2) Replies
cvirata
Revenera Community Admin Revenera Community Admin
Revenera Community Admin

Hello @theone_sumit - Thank you for contacting us about the potential issue. I have passed this on to the InstallAnywhere product team for validation. We will respond with the results of our findings and potential paths to solution (if required).

0 Kudos
VineethaNair
Level 6


Hi  @theone_sumit ,

We have removed all references of log4j in InstallAnywhere 2022 and later. We would recommend upgrading to the latest version.

We checked the screenshot shared from IA 2021 version and it looks like log4j dependency is added for some custom actions used in the project. To investigate this further, could you please reply to a private message that we had sent a week back requesting for additional details? 

 

0 Kudos