No announcement yet.

iACS Log4J vulnerability - RDi version?

  • Filter
  • Time
  • Show
Clear All
new posts

  • iACS Log4J vulnerability - RDi version?

    So I just noticed that iACS versions up to v1.1.8.6 are (technically) vulnerable to Log4J, is the latest

    And I know that iACS is included in RDi. We just updated RDi to (just before landed), and I checked and it incuides iACS
    Soes anyone who has the latest version of RDi know what version of iACS it includes?

  • #2
    The RDi change log does not list a version update for iACS in RDi

    But the security bulliten does not mention the impact from having it bundled with RDi, or a need for a future RDi patch to fix the bundled RDi:

    Or the need to install PTFs to update the iACS version bundled on the IBMi on the IFS (Unless the PTFs to fix the vulnerability in Integrated Web Services Server (IWS) V2.6 include a bundled iACS update)