Log4j use in Flare Elasticsearch

Post by araine »

My company's security team flagged the presence of vulnerable Log4j versions in the MadCap Flare libraries for Elasticsearch. By default, that's in C:/Program Files/MadCap Software/MadCap Flare 16/Flare.app/Resources/Elasticsearch/lib/log4j-core-2.9.0.jar. It doesn't appear that the latest version of Flare has changed this version any; what are the options available to remove the vulnerability with the current setup, and what is the expected timeline to remove this vulnerable library from the Flare source? Thanks!

Post by Nita Beck »

MadCap has a patch for this, documented in their knowledge base: https://kb.madcapsoftware.com/Content/M ... ight=log4j
Nita
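An added example, not part of the thread and not MadCap's patch: a small inventory script for confirming a finding like the one above and re-checking the install after the vendor patch is applied. It reports every log4j-core JAR under a directory, the version in its file name, and whether the JndiLookup class is still inside the archive. Assumptions: the JAR file names follow the log4j-core-<version>.jar pattern seen in the post, the function names are hypothetical, and the sample tree is constructed test data; the thread does not say what the patch changes on disk, so the script only reports what it finds.

```python
import re
import sys
import tempfile
import zipfile
from pathlib import Path

# Class that implements Log4j 2's JNDI lookup inside log4j-core.
JNDI_LOOKUP = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
JAR_NAME = re.compile(r"^log4j-core-(\d+(?:\.\d+)*)(?:[-.].*)?\.jar$", re.I)

def inspect_jar(path):
    """Return (version parsed from the file name, JndiLookup present?)."""
    match = JAR_NAME.match(Path(path).name)
    version = match.group(1) if match else None
    try:
        with zipfile.ZipFile(path) as jar:
            has_jndi = JNDI_LOOKUP in jar.namelist()
    except (zipfile.BadZipFile, OSError):
        has_jndi = None  # unreadable archive: report it, do not guess
    return version, has_jndi

def scan(root):
    """Inventory every log4j-core JAR below root, sorted by path."""
    return [
        {"jar": jar.name, "dir": str(jar.parent), "version": v, "jndi_lookup": j}
        for jar in sorted(Path(root).rglob("log4j-core-*.jar"))
        for v, j in [inspect_jar(jar)]
    ]

def build_sample_tree(root):
    """Constructed test data: one stock-looking JAR, one with the class removed."""
    lib = Path(root) / "Elasticsearch" / "lib"
    other = Path(root) / "other"
    lib.mkdir(parents=True)
    other.mkdir()
    with zipfile.ZipFile(lib / "log4j-core-2.9.0.jar", "w") as jar:
        jar.writestr(JNDI_LOOKUP, b"")
        jar.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
    with zipfile.ZipFile(other / "log4j-core-2.9.0.jar", "w") as jar:
        jar.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
    (other / "log4j-core-broken.jar").write_bytes(b"not a zip")

if __name__ == "__main__":
    if len(sys.argv) > 1:          # real use: pass the Flare install directory
        target = sys.argv[1]
    else:                          # no argument: run on constructed sample data
        target = tempfile.mkdtemp()
        build_sample_tree(target)
    for finding in scan(target):
        print(finding)
```

A jndi_lookup value of None means the archive could not be read and needs a manual look.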