Hello Uwe, hello Zoltan, just today we got another Flash from IBM adressig the log4j problem in Spectrum Protect Plus: Security Bulletin: Vulnerabilities in Apache Log4j impact IBM Spectrum Protect Plus (CVE-2021-45105, CVE-2021-45046) When upgrading to 10.1.9.2, the problem should be solved.
Kind Regards Gerd Becker Gerd Becker Head of Solution Competence Center Cristie Data GmbH | #atyourservice Nordring 53-55 | D-63843 Niedernberg Telefon: +49 6028 9795 744 | Fax: +49 6028 9795 799 | Mobil: +49 160 98100120 E-Mail: gerd.bec...@cristie.de<mailto:gerd.bec...@cristie.de> | Internet: www.cristie.de<http://www.cristie.de> Geschäftsführer: Ian Cameron, Volker Wester | Amtsgericht Aschaffenburg HRB9393 Datenschutz - Information über die Speicherung Ihrer personenbezogenen Daten gemäß den Artikeln 12, 13 und 14 DSGVO siehe: https://www.cristie.de/datenschutz Gerd Becker Head of Solution Competence Center Cristie Data GmbH | #atyourservice Nordring 53-55 | D-63843 Niedernberg Telefon: +49 6028 9795 744 | Fax: +49 6028 9795 799 | Mobil: +49 160 98100120 E-Mail: gerd.bec...@cristie.de<mailto:gerd.bec...@cristie.de> | Internet: www.cristie.de<http://www.cristie.de> Geschäftsführer: Ian Cameron, Volker Wester | Amtsgericht Aschaffenburg HRB9393 Datenschutz - Information über die Speicherung Ihrer personenbezogenen Daten gemäß den Artikeln 12, 13 und 14 DSGVO siehe: https://www.cristie.de/datenschutz -----Ursprüngliche Nachricht----- Von: ADSM: Dist Stor Manager <ADSM-L@VM.MARIST.EDU<mailto:ADSM-L@VM.MARIST.EDU>> Im Auftrag von Zoltan Forray Gesendet: Montag, 3. Januar 2022 14:51 An: ADSM-L@VM.MARIST.EDU<mailto:ADSM-L@VM.MARIST.EDU> Betreff: Re: [ADSM-L] Spectrum Protect Plus 10.1.9.2 [Sie erhalten nicht oft E-Mail von "zfor...@vcu.edu<mailto:zfor...@vcu.edu>". Weitere Informationen, warum dies wichtig ist, finden Sie unter "http://aka.ms/LearnAboutSenderIdentification".] Hello Uwe, Thank you for the response. If that is true, then we have a more serious problem. We have had to restart the appliance twice since upgrading on December 22nd. I don't see anything on the PSIRT page about addressing anything other than 2.15 in SPP. On Mon, Jan 3, 2022 at 8:36 AM Uwe Schreiber <uwe.h.schrei...@t-online.de<mailto:uwe.h.schrei...@t-online.de>> wrote: > Hello Zoltan, > > AFAIK 10.1.9 iFix2 does only include Log4j 2.17.0 > > Regards, Uwe > > -----Original Message----- > From: ADSM: Dist Stor Manager > <ADSM-L@VM.MARIST.EDU<mailto:ADSM-L@VM.MARIST.EDU>> On Behalf Of > Zoltan Forray > Sent: Montag, 3. Januar 2022 14:22 > To: ADSM-L@VM.MARIST.EDU<mailto:ADSM-L@VM.MARIST.EDU> > Subject: [ADSM-L] Spectrum Protect Plus 10.1.9.2 > > Can anyone here from IBM tell us what issues are addressed in ifix2? > > Against better judgment, we jumped from 10.1.8.2 to 10.1.9.1 to > mitigate Log4j but are now having intermittent scheduling freeze-ups > (e.g. suddenly all policies/report schedules stop running/being > scheduled) requiring a reboot of the appliance. > > IBM is infamous for releasing patches/updates but not updating the > documentation for many days later. We have already opened a ticket > for the problem itself. > > -- > *Zoltan Forray* > Backup Systems Administrator > VMware Administrator > Virginia Commonwealth University > UCC/Office of Technology Services > www.ucc.vcu.edu<http://www.ucc.vcu.edu> > zfor...@vcu.edu<mailto:zfor...@vcu.edu> - 804-828-4807 > Don't be a phishing victim - VCU and other reputable organizations > will never use email to request that you reply with your password, > social security number or confidential personal information. For more > details visit http://phishing.vcu.edu/ > <https://adminmicro2.questionpro.com> > -- *Zoltan Forray* Backup Systems Administrator VMware Administrator Virginia Commonwealth University UCC/Office of Technology Services www.ucc.vcu.edu<http://www.ucc.vcu.edu> zfor...@vcu.edu<mailto:zfor...@vcu.edu> - 804-828-4807 Don't be a phishing victim - VCU and other reputable organizations will never use email to request that you reply with your password, social security number or confidential personal information. For more details visit http://phishing.vcu.edu/ <https://adminmicro2.questionpro.com>