Author Message
NLiyana
Joined: Mar 19, 2021
Messages: 15
Offline
Hello,
We have been requested to resolve security vulnerabilities for log4j-1.2.15.jar. Please let me know what needs to be done.
OD - 07.10.12.02

Thanks in advance!
JohnBiggs
Joined: Jun 20, 2005
Messages: 932
Location: Thornton, CO
Offline
The information that Avaya is providing is covered here:
https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609
NLiyana
Joined: Mar 19, 2021
Messages: 15
Offline
Hi John,
Thanks for the link. It shows as JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data and users should upgrade to Log4j 2. Can we simply replace Log2j 2 without upgrading OD version?

Thanks in advance!
massimo__croci
Joined: Jan 31, 2020
Messages: 190
Offline
Hi,

AOD 8.1.1 (latest release) natively supports log4j 2.16.0, developers suggest to don't upgrade just log4j: https://www.devconnectprogram.com/forums/posts/list/25357.page

You can install AOD 8.1.1 alongside AAOD 7.x, just keep all files in different folders and use different workspaces, ex. C:\AOD-8.1.1 - C:\AAOD-7.2.3
NLiyana
Joined: Mar 19, 2021
Messages: 15
Offline
Is AOD 8.1.1 compatible with AEP 7.X and tomcat 7.X versions? The other thread states that it is compatible with the following but the Product compatibility matrix shows as only AEP 8.X and tomcat 8.x and 9.x versions.

AEP 7.0, 7.1, 7.2, 8.0, 8.1
J2SE 1.8, 1.9, 10.1, 11, 12
Tomcat 7.0,8.0, 8.5, 9.0
massimo__croci
Joined: Jan 31, 2020
Messages: 190
Offline
Hi.
In case of any doubt, double-check the Release Notes for AOD 8.1.1:

https://www.devconnectprogram.com/fileMedia/download/5dd0af54-c2cd-4ab0-9efd-62f131665917

On page 7 - Software Prerequisites (Supported Versions) - Design Environment: Tomcat versions 7.0, 8.0, 8.5, 9.0.x
Software Prerequisites (Supported Versions) - Runtine environemnt Environment: Tomcat versions 7.0, 8.0, 8.5, 9.0
On page 8
Avaya Aura® Experience Portal 7.0 Avaya Aura® Experience Portal 7.1
Avaya Aura® Experience Portal 7.2 Avaya Experience Portal 8.0
NLiyana
Joined: Mar 19, 2021
Messages: 15
Offline
Have a question that is not related to Log4j. I tried to install 8.1.1 but couldn't run eclipse that came with it because we use a 32bit machine. So I tried running the eclipse version that we are already using in 7.1 version but I couldn't get OD to upgraded to 8.1.1 with that. Can you please provide guidance on this? I want to use 32 bit excplise and OAD8.1.1
massimo__croci
Joined: Jan 31, 2020
Messages: 190
Offline
Please, for a different request open a new post on this forum.





Go to:   
Mobile view