BASIS International Ltd. releases BBj®, the Barista® Application Framework, and AddonSoftware® by Barista version 21.13. This release incorporates all customer-requested fixes listed in the Fixes file.
As previously announced on BASIS's Developer's List, a vulnerable version of the log4j library (log4j-api-2.8.1.jar) was distributed with BBj revisions 17.10 through 17.12. However, the “Console Logging” BBj feature that used this library was not enabled by default, and instructions to do so were never published. Current versions of BBj are not at risk.HERE are the details of this vulnerability.
In summary:
BBj Vulnerability: Minimal
There is no exposure for BBj revisions 17.13 and above
(V)PRO/5 Vulnerability: None
(V)PRO/5 uses no Java libraries
Standalone PRO/5 Data Server Vulnerability: None
The standalone PRO/5 Data Server uses no Java libraries
BASIS License Manager (BLM) Vulnerability: None
The BLM uses no Java libraries
Save the Date
SAVE the DATE for the in-person at TechCon2022
on May 23-25 in Albuquerque, NM with two days of training on May 26-27
Staying Connected
The BASIS International Advantage
Dig into the wealth of information in this technical publication. Read the articles online or download them to your device of choice. Click here.
