My company's security team flagged the presence of vulnerable Log4j versions in the Madcap Flare libraries for Elasticsearch. By default, that's in
Code: Select all
C:/Program Files/MadCap Software/MadCap Flare 16/Flare.app/Resources/Elasticsearch/lib/log4j-core-2.9.0.jar
. It doesn't appear that the latest version of Flare has changed this version any; what are the options available to remove the vulnerability with current setup, and what is the expected timeline to remove this vulnerable library from the Flare source? Thanks!