Hi Community,
We were just made aware of a severe vulnerability in the Java logging library Apache Log4j.
See the following article for more information:
Please note that we are using IFS Apps 9 and if Apps 9 supports latest version of Crystal Reports runtime?
The latest version of Crystal Reports runtime has removed this vulnerability.
Best Regards
Asanga
+15Hi,
As Crystal Reports for .NET runtime SDK is a 3rd party library, it’s hard for us to give an exact answer.
Please refer the SAP Crystal community forum post given below for more details.
https://answers.sap.com/questions/13545419/log4j-security-vulnerability-with-sap-crystal-repo.html
Regards,
Chanaka
Hi,
If you read my question I need to know does the latest Crystal Runtime supports IFS Apps 9?
Best Regards
Asanga
+15Hi,
The Crystal Report .Net runtime that we have tested with and compatible with the the Crystal Web Service is packed with the Crystal Web Service installation zip. Installing a version other than that might cause the Crystal Web Service to stop working as expected or might give errors. Therefore it’s recommended to use the Crystal Report .Net runtime in the installation zip.
Regards,
Chanaka
+15Hi,
IFS Report Designer framework doesn’t use it.
The jar file is there in IFS Web Client. This again IFS doesn’t use it. It’s a dependent jar for the Crystal Java SDK jars used to preview Crystal Quick Reports in IFS Web Client. The Log4j jar there also is not affected with the particular vulnerability you have mentioned above in this post as it’s not Log4j 2.x.
Regards,
Chanaka
IFS Analyzed all released code for the Log4j (CVE-2021-44228) vulnerability.
A few weeks back IFS has stated that IFS Apps9 is not affected by the Log4j vulnerability - and that includes Crystal Web Service.
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.
