Is re-applying log4j hot fixes required if vApp is upgraded from 14.4.0 to 14.4.1?

search cancel

Is re-applying log4j hot fixes required if vApp is upgraded from 14.4.0 to 14.4.1?

book

Article ID: 240456

calendar_today

Updated On:

Products

CA Identity Suite

Issue/Introduction

Currently vApp version is 14.4.0 and it has been installed with log4j hot fixes, i.e.
Hotfix1: C8-HF-LOG4J-20211222-001.tar.gpg,
Hotfix2: C8-HF-LOG4J-20220120-001.tar.gpg.

Please refer https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/identity-suite/14-4/release-notes/Virtual-Appliance-Release-Notes/Hotfixes.html under "Upgrade Patch to Fix Apache Log4j Issues (CVE-2021-44228, CVE-2021-45105, CVE-2021-45046, CVE-2021-44832)" section.

If vApp is upgraded to 14.4.1 plus 14.4.1 Cumulative Hotfix 1, is re-applying log4j hot fixes required?

Environment

Release : 14.4

Component : Identity Suite

Resolution

Yes, it is required to re-apply both log4j hot fixes after vApp is upgraded to 14.4.1 plus 14.4.1 Cumulative Hotfix 1 or 14.4.1 Cumulative Hotfix 2.

Feedback

thumb_up Yes

thumb_down No