Announcement

Collapse
No announcement yet.

iACS Log4J vulnerability - RDi version?

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Vectorspace
    replied
    The RDi change log does not list a version update for iACS in RDi 9.6.0.11: https://www.ibm.com/support/pages/node/603339

    But the security bulliten does not mention the impact from having it bundled with RDi, or a need for a future RDi patch to fix the bundled RDi: https://www.ibm.com/support/pages/no...ers-_-NULL-_-E

    Or the need to install PTFs to update the iACS version bundled on the IBMi on the IFS (Unless the PTFs to fix the vulnerability in Integrated Web Services Server (IWS) V2.6 include a bundled iACS update)

    Leave a comment:


  • Vectorspace
    started a topic iACS Log4J vulnerability - RDi version?

    iACS Log4J vulnerability - RDi version?

    So I just noticed that iACS versions up to v1.1.8.6 are (technically) vulnerable to Log4J, 1.1.8.8 is the latest

    And I know that iACS is included in RDi. We just updated RDi to 9.6.0.10 (just before 9.6.0.11 landed), and I checked and it incuides iACS 1.1.8.3.
    Soes anyone who has the latest version of RDi know what version of iACS it includes?
Working...
X