JRS 7.5.2 has a different version of Log4j, (2.12.1).įor JBoss EAP 7.2.0, the location of log4j files is: The files listed above are applicable to JRS version 7.8.1, 7.9.1, and 8.0.0. (for example: c:\apache-tomcat\webapps\jasperserver-pro\WEB-INF\lib) (for example: c:\apache-tomcat\webapps\jasperserver-pro\*.*).ĭelete the following files from the library folder TIBCO will update this information if there is any impact. Note that updating the JARs should not have any impact on Jaspersoft product functionality. To disable the compromised functionality for JasperReports Server, perform the following steps: *For these Jaspersoft products, customers are responsible for updating libraries for their applications. The following Jaspersoft products are not affected by the Apache Log4J vulnerability: Important Note: The following JDBC datasources will stop working when these drivers are removed:įor additional information on Neo4j CVE mitigation, see. Third-party drivers with vulnerable libraries (instructions for manually removing these libraries are provided in the next section):
TIBCO Jaspersoft products/versions with vulnerable Log4j code: Resolution for Jaspersoft Studio Professional.Resolution for JasperReports IO Professional.Modifying the deployment directly for WebSphere:.Modifying the deployment directly for WebLogic:.Redeploying the JasperReports Server WAR file in WebSphere.Deploying the JasperReports Server WAR file in WebLogic.Deploying from the Administrative Console.AWS Marketplace and QuickStart deployment.
0 kommentar(er)
