Is Jaspersoft studio vulnerable to CVE-2021-44228 - log4j ? If yes, can you share the mitigation steps?
Clarity 16.0 and Jaspersoft studio 7.9
Jaspersoft studio 7.9 is listed as one of the Tibco softwares with the vulnerable log4j code. The resolution for Jaspersoft 7.9:
Reference: Apache Log4j Vulnerability Update for Jaspersoft Products
The log4j vulnerability mitigations for Clarity and Jaspersoft 7.8 server including the recommended log4j jar file (2.17.0) is found here - CVE-2021-44228 - log4j vulnerability and Clarity
Note: Jaspersoft studio 7.1 is not containing the vulnerable log4j code, and no actions are required.