On December 9, 2021, a very serious vulnerability in the popular Java-based logging package Log4j was disclosed. This vulnerability allows an attacker to execute code on a remote server, a so-called Remote Code Execution (RCE).
Because of the widespread use of Java and Log4j, this is likely one of the most serious vulnerabilities on the Internet since both Heartbleed and ShellShock.
It is CVE-2021-44228 and affects version 2 of log4j between versions 2.0-beta-9 and 2.14.1. It is not present in version 1 of log4j and is patched in version 2.15.0.
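The version range above, turned into a file-name check over an installation directory; this is an added example, not part of the original article or any vendor tooling. It assumes JARs keep their Maven-style names (`log4j-core-<version>.jar` for version 2, `log4j-<version>.jar` for version 1), and the directory to scan is supplied by the operator.

```python
import re
from pathlib import Path

# Matches log4j-core-<ver>.jar (2.x) and log4j-<ver>.jar (1.x), not log4j-api.
JAR_RE = re.compile(
    r"log4j(?:-core)?-(\d+)\.(\d+)(?:\.(\d+))?(?:-(alpha|beta|rc)-?(\d+))?\.jar$",
    re.IGNORECASE,
)
PRE_RANK = {"alpha": 0, "beta": 1, "rc": 2}
FINAL = (3, 0)  # a final release sorts after every pre-release of that number

# Bounds as stated in the article for CVE-2021-44228.
FIRST_AFFECTED = (2, 0, 0, PRE_RANK["beta"], 9)  # 2.0-beta-9
LAST_AFFECTED = (2, 14, 1) + FINAL               # 2.14.1


def version_key(jar_name):
    """Return a sortable tuple for a Log4j JAR file name, or None if no match."""
    m = JAR_RE.search(jar_name)
    if not m:
        return None
    major, minor, patch, tag, num = m.groups()
    pre = (PRE_RANK[tag.lower()], int(num)) if tag else FINAL
    return (int(major), int(minor), int(patch or 0)) + pre


def classify(jar_name):
    """'affected' if inside the article's range, 'outside_range' otherwise."""
    key = version_key(jar_name)
    if key is None:
        return None
    return "affected" if FIRST_AFFECTED <= key <= LAST_AFFECTED else "outside_range"


def scan(root):
    """Walk root and classify every Log4j JAR found by file name."""
    results = {}
    for jar in Path(root).rglob("*.jar"):
        status = classify(jar.name)
        if status:
            results[jar.relative_to(root).as_posix()] = status
    return results


if __name__ == "__main__":
    import sys
    for path, status in sorted(scan(sys.argv[1] if len(sys.argv) > 1 else ".").items()):
        print(f"{status:14} {path}")
```

File-name matching misses copies that were renamed or repackaged inside another archive, so a clean result is a starting point for inventory rather than proof of absence.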
This issue impacts all WorldServer 11 versions. This issue does not impact WorldServer 10 deployments. On the Jasper Report side, only versions 7.5 and 7.9 are affected. These versions are present in WorldServer version 11.6.1 to 11.7.1. There is no need to fix any vulnerability on the Jasper Report side for WorldServer versions below 11.6.x.
This article provides step-by-step resolutions for each WorldServer version.