Clarity

  • 1.  Vulnerability Apache Log4j 1.2.15

    Posted Dec 28, 2021 02:10 PM
    Hello,
    We use Clarity 19.9.0.294 without Jaspersoft.
    Currently everyone is discussing CVE-2021-44228, the Log4j vulnerability, which in Clarity only affects Jaspersoft.
    But Clarity uses Log4j 1.2.15, which is impacted by the CVE-2019-17571 vulnerability, and I didn't find information on this subject in the knowledge base. It's recommended to upgrade to version 1.2.17, but this version is no longer supported and our cyber security management recommends that we migrate to the latest version, 2.16.0.
    So do you know if it's possible to use Log4j 2.16.0, and how can we do it?
    If it's not possible, what are the actions to take if we want to use Log4j 1.2.17?
    Thanks for your help.
    NB: as you can see, I'm not a technical guy on this subject.


  • 2.  RE: Vulnerability Apache Log4j 1.2.15

    Broadcom Employee
    Posted Dec 28, 2021 02:16 PM
    Hello, 

    Clarity is not affected by this vulnerability and no action is required:
    https://knowledge.broadcom.com/external/article?articleId=230248
    Clarity SaaS and Clarity On-Premise Customers are not affected by this vulnerability as Clarity is not impacted since all versions of Clarity are on Log4j 1.2.15 or older.

    Please just follow the solution for Jaspersoft and nothing else is needed.
    Hope this helps -Nika

    ------------------------------
    Nika Hadzhikidi
    Sr Principal Support Engineer
    Broadcom
    ------------------------------