+3Hi!
I have a customer where we recently installed the IFS Solution ID 312399 which is supposed to contain security patches for IFS10 middleware.
Now when they run their security scanning software, it still finds old versions of log4j.jar and commons-text-1.1.jar that is know to have vulnerabilities.
Aren’t these supposed to have been replaced withIFS Solution ID 312399?
+14Hi
The solution ID 312399 is for Oracle Critical Patch Updates for Middle Tier - 2025 October.
More details on this can be found from: Oracle Critical Patch Update Advisory - October 2025
Following are the files that have changed from this solution ID.
Therefore, log4j.jar and commons-text-1.1.jar files are not changed from this.
Also, can you mention the vulnerabilities identified from those files (log4j.jar and commons-text-1.1.jar)?
+3Thanks for replying Ashen!
Yes, common-text-1.1.jar is also there.
There is an older patch (don’t remember the ID now) specifically for handling log4j, can this be installed above IFS Solution ID 312399?
What would be the best way to be up to date with MWS security patches?
Regards
Johan
+14Thanks for replying Ashen!
Yes, common-text-1.1.jar is also there.
There is an older patch (don’t remember the ID now) specifically for handling log4j, can this be installed above IFS Solution ID 312399?
What would be the best way to be up to date with MWS security patches?
Regards
Johan
The solution ID 311165 (Binary patch 10.26.28.0 delivered) is related with WebLogic (Log4j) security vulnerability for post go live of UPD21 in Apps 10.
This Binary patch 10.26.28.0 is the latest one delivered at the moment.
The latest UPD contains the latest MWS security patches.
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.