Hello  are there any news about new vulnerability CVE-2021-44832? Apache has released new jar 2.17.1. In Flexnet operations there is at least one log entry using JDBC Appender in file  C:\Program Files\FlexNet Operations\release\flexnet.ear\flexnet.war\WEB-INF\classes\flexnet-log4j.xml <DataSource jndiName="java:/jdbc/FLEXnetDataSource" /> But that datasource is using java protocol, which should be safe, it it so that FNO is not affected by CVE-2021-44832? Pauli       ... View more

@jefflaing @jholcomb  Have you noticed that new version 2.17.0 has been released as 2.16.0 has a new vulnerability. https://logging.apache.org/log4j/2.x/security.html I have removed  JndiLookup.class from all log4j-core files and it seems a good solution so far. But now I wonder if Flexnet Operations is vulnerable to new CVE-2021-45105.  It seems that FNO is not using Context Lookup (like ${ctx:loginId}) in log4j configuration by default and so it should not be vulnerable, but I'm no log4j expert, perhaps Flexera knows better. Pauli ... View more

@jefflaing If you block outgoing connections, in the long term it could be great if FNO gets it license renewed from Flexera servers.  ... View more