- Revenera Community
- :
- InstallAnywhere
- :
- InstallAnywhere Forum
- :
- Re: installanywhere 2021 log4j vulnarablity detacted
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Subscribe
- Mute
- Printer Friendly Page
- Mark as New
- Subscribe
- Mute
- Permalink
- Report Inappropriate Content
installanywhere 2021 log4j vulnarablity detacted
hello team,
our Blackduck scan for InstallAnywhere Linux installer has detected log4j vulnerability in the installer extraction. screenshot attached. We are using IA 2021. Do let us know how we can fix this.
Thanks
Sumit
- Mark as New
- Subscribe
- Mute
- Permalink
- Report Inappropriate Content
Hello @theone_sumit - Thank you for contacting us about the potential issue. I have passed this on to the InstallAnywhere product team for validation. We will respond with the results of our findings and potential paths to solution (if required).
- Mark as New
- Subscribe
- Mute
- Permalink
- Report Inappropriate Content
Hi @theone_sumit ,
We have removed all references of log4j in InstallAnywhere 2022 and later. We would recommend upgrading to the latest version.
We checked the screenshot shared from IA 2021 version and it looks like log4j dependency is added for some custom actions used in the project. To investigate this further, could you please reply to a private message that we had sent a week back requesting for additional details?