Jump to content

We need steps to remediate/fix the CVE-2021-44228 log4j vulnerability for Spotfire version 10.9.0.


Recommended Posts

I already followed the document pdf shared on the community post but when I replace the log4j file and restarting the java it deletes and downloads same files again. Could you please share me the correct steps to fix the issue?

Link to comment
Share on other sites


Just to make sure you have followed the correct instructions, you have followed the instructions in Support KB article 000045607 - https://support.tibco.com/s/article/TIBCO-Spotfire-Mitigation-for-CVE-2021-44228-Log4Shell?_ga=2.215569239.139752322.1677486158-776196050.1636355826 ? Those instructions have been very widely used, so there is little chance at this point of any general issues with the instructions but there are many steps and easy to get something wrong, so consider repeating the process.

Troubleshooting this further, as it is a security issue, would require a support case, but version 10.9 is quite old and no longer eligible for support (since July 31, 2021), so my only recommendation (as a TIBCO employee) is to upgrade to a supported version, such as the latest LTS version - TIBCO Spotfire 12.0 (where this issue has already been addressed out of the box).

Best Regards

Fredrik (TIBCO Support)

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Create New...