Webfocus 82 - Fix log4j 1.2 vulnerability and support for open JDK

[Madhavan TR]

1) We have noticed the vulnerable log4j being used by Webfocus. Any suggestions to avoid this vulnerability?

Apache Log4j 1.2.17 (ibiWebFOCUS82ReportCasterliblog4j-1.2.17.jar)

2) Can we use Open JDK for running our webserver (Apache Tomcat) or we need to use only Oracle JRE? Will there be any impact on webfocus ? If there is any certification matrix, please let us know. Note: We have web server and webfocus installed in the same machine

[Patrick Huebgen]

Recent versions of WebFOCUS have fixes for log4j vulnerabilities - depending on your version there will be hotfixes off you need to update to a recent version

details here

https://support.tibco.com/s/article/TIBCO-WebFOCUS-TIBCO-WebFOCUS-Reporting-Server-and-TIBCO-Data-Migrator-8207-27-0-to-8207-28-05-Hotfixes

yes you can use open source versions of java

I‘m using https://adoptium.net/

For supported versions please check the installation manual of the WebFOCUS version you are using - as this depends on your version

[Patrick Huebgen]

@Madhavan TR​ 

I'm getting the same question again and again - so you get a new video.

in my latest episode of my ibi | Information Builders #WebFOCUS tips & tricks series I will explain how to update WebFOCUS to the latest version of #Java #JRE - in specific updating from Java 8 to Java 11 #[[OpenJDK

https://youtu.be/GY3-XcljCHg]​ 

[Madhavan TR]

Thank you Patrick. It helps!!!

[Patrick Huebgen]

You are welcome - more videos can be found in my channel - https://www.youtube.com/@table-file-patrick/

[David Briars]

Patrick - I checked your YouTube channel just now and subscribed. The list of available vids looks fantastic. I am going to enjoy watching them. Kudos! Love the name 'TABLE FILE PATRICK'. 😀