
Risk Authentication patch for log4shell vulnerability


Article ID: 257113


Updated On:


CA Risk Authentication, CA Advanced Authentication, CA Advanced Authentication - Risk Authentication (RiskMinder / RiskFort)


We are upgrading from Risk Authentication 9.1 SP2 to SP3.

As part of the previous release, we got the log4shell (CVE-2021-44228) patch to resolve the issue.

Do we need to apply the same patch, or can we get a new patch for the log4shell issue on version SP3?


Release: 9.1 SP3


Based on the NVD recommendation, this issue is fixed in Log4j2 version 2.17.1 by limiting JNDI data source names to the java protocol.

Log4j 2.17.1 libraries are already packaged in 9.1 SP3. 

For more information, refer to the section '9.1 SP3 Components' in the product documentation.
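
To confirm after the upgrade that no older Log4j copy remains, the added example below (not Broadcom's or the product's own tooling) scans a directory tree for log4j-core archives, including jars nested inside WAR/EAR files, and reports any version below 2.17.1. The install root is passed on the command line. The script assumes each jar still carries its Maven `pom.properties`, so repackaged or shaded copies are not detected.

```python
import io
import os
import re
import sys
import zipfile

# Maven metadata that stock log4j-core jars carry (assumption: jar not repackaged).
POM = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
ARCHIVES = (".jar", ".war", ".ear")
FIXED = (2, 17, 1)  # version the article says is packaged in 9.1 SP3

def parse_version(text):
    """'2.17.1' -> (2, 17, 1); pre-release suffixes such as '-beta9' are ignored."""
    m = re.match(r"(\d+)(?:\.(\d+))?(?:\.(\d+))?", text)
    return tuple(int(g or 0) for g in m.groups()) if m else (0, 0, 0)

def scan_archive(fileobj, label, found):
    """Append (location, version) for log4j-core, descending into nested archives."""
    try:
        with zipfile.ZipFile(fileobj) as zf:
            for name in zf.namelist():
                if name == POM:
                    props = zf.read(name).decode("utf-8", "replace")
                    m = re.search(r"^version=(.+)$", props, re.M)
                    if m:
                        found.append((label, m.group(1).strip()))
                elif name.lower().endswith(ARCHIVES):
                    scan_archive(io.BytesIO(zf.read(name)), f"{label}!{name}", found)
    except zipfile.BadZipFile:
        pass  # truncated or non-zip file with an archive extension; skip it

def scan_tree(root):
    """Walk root and return every log4j-core copy found as (location, version)."""
    found = []
    for dirpath, _dirs, files in os.walk(root):
        for fn in files:
            if fn.lower().endswith(ARCHIVES):
                with open(os.path.join(dirpath, fn), "rb") as fh:
                    scan_archive(fh, fh.name, found)
    return found

def below_fixed(found):
    """Entries whose version is older than 2.17.1."""
    return [(loc, ver) for loc, ver in found if parse_version(ver) < FIXED]

if __name__ == "__main__":
    hits = scan_tree(sys.argv[1])  # argv[1]: install root (site-specific path)
    for loc, ver in hits:
        print("OLD" if parse_version(ver) < FIXED else "ok ", ver, loc)
    sys.exit(1 if below_fixed(hits) else 0)
```

The script exits non-zero when any copy below 2.17.1 is found, so it can gate a post-upgrade check.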