Mason Nakadomari

Ok thanks.

Apparently there is a vulnerability for 1.2.X. Does Jasperstarter use jmsappender? CVE-2021-4104 involves an untrusted deserialization flaw affecting Log4j version 1.2 (No fix available; Upgrade to version 2.17.0). This issue only affects Log4j 1.2 when specifically configured to use JMSAppender, which is not the default. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions. The impact to confidentiality,...

Also is Jasperstarter vulnerable to the log4j shell vulnerability.

Do you know if it is using any other versions of log4j by default. I'm investigating http://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-44228 thanks.

Here is the jrxml file its the same as on windows.

It was developed in a windows machine on Jasper Studio but processed on Jasperstarter....

Hi Volker, thanks for your help previously we figured out our previous problem. Jasperstarter...

It fails with the exact same error.