LOG4J.JAR resolution on BOXI 3.1

AVALON05 · January 7, 2022, 3:52pm

Has anyone who is still on Business Objects XI 3.1 been able to identify how to resolve the Zero Day Apache Log4j Security Vulnerability impact on Java. It was discovered December 2021?

The Vendor no longer supports this version, and my first thoughts were to just delete the log4j files and see what happens, but decided against it.

JohnBClark · January 7, 2022, 4:11pm

If the version of Log4j used by BI4.2+ is too old to have the issue, CVE-2021-44228 - BusinessObjects impact for Log4j vulnerability, I would assume that the version of Log4j used by XI3.1 would also be too old.

IamATeckie · January 26, 2022, 3:24pm

Deleting the log4j version could break the entire environment.