IET Community   ›   News and Views from IET   ›   IET News and Announcements   ›   Apache log4j Remote Code Execution Zero Day - Active Exploit

  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Apache log4j Remote Code Execution Zero Day - Active Exploit
Darius Panahy
IET
*******
Joined: May 2020
Posts: 171

#6
2021-12-24, 03:14 PM
(2021-12-24, 09:02 AM)m.b Wrote:
(2021-12-20, 06:28 PM)Darius Panahy Wrote: We have analysed the Rapide runtime and the usage of log4j by third party utilities and have concluded that log4j is not required by Rapide. Therefore, to remove the need for further updates in the event that additional vulnerabilities are encountered and fixed in log4j, we have removed it from Rapide in version 3.0.5. This means that the following releases no longer use log4j:

  • Rapide 3.0.5
  • GuardIEn Web Client (8.7.5 and 8.8.0)
  • Studio Developer (8.7.5.0001 and 8.8.0.0001)


Rapide 2.0 still contains (but does not use) log4j and is patched to version 2.17.0.
Do I understand correctly that it is safe to remove file log4j-1.2.15.jar from C:\Program Files\IET\Client880\Studio\rapide\uk.co.iet.rapide.win32_3.0.0_lib after installing the DevOps Suite? We do not have a license for Rapide, so it's never used.
Yes, it can be removed.
--
Darius Panahy, IET Ltd
  Website
  Reply


Messages In This Thread
RE: Apache log4j Remote Code Execution Zero Day - Active Exploit - by Darius Panahy - 2021-12-24, 03:14 PM

Forum Jump:


Users browsing this thread: 1 Guest(s)

   Visit the IET Web Site for product information and contact details and privacy policy. Visit the IET Support Centre for product support and downloads.