Forum Discussion

Active Contributor

12 months ago

Solved

CVE-2018-1285 Apache log4net XML External Entity Vulnerability

********************************** EDIT1: 2024/05/06 DESPITE THE "SOLVED" MARKINGS THE VULNERABILITY REMAINS. DO NOT BE FOOLED BY GOTO! ********************************** Why is this ancient C...

GlennD
12 months ago
Hi HZO-GB, welcome to the community.

The team is aware of this issue and it is being worked on currently. When an update is available I will share it here.

GoTo Manager

12 months ago

Hi HZO-GB, welcome to the community.

The team is aware of this issue and it is being worked on currently. When an update is available I will share it here.

HZO-GB
Active Contributor
9 months ago
GlennD can you provide an update, and also follow up on my ticket 19744340?
- GlennD
  GoTo Manager
  9 months ago
  HZO-GB The fix has been prepared and we are working through the testing and a release plan. This is taking longer as it is for our older platform. Once it has be QA'd and a release date is confirmed I will post an update.
HZO-GB
Active Contributor
11 months ago
I know this is marked as Resolved but it is not. There is yet any fix to the vulnerability.
- mkeaton
  Frequent Contributor
  11 months ago
  Yet another item to add to the risk assessment. Thank you HZO-GB!
HZO-GB
Active Contributor
12 months ago
Thank you GlennD for the update. My complaint is that Apache has patched the DLL since 2020, and yet in 2024 GoTo is still looking into re-compiling the connector software so the new version DLL is added o the latest version.

This I find unacceptable from security practices perspective. This is one of the easiest vulnerability to remediate yet here I am opening and re-opening tickets, posting on the community forum, waiting months and vocally pushing for a patch with no ETA except "we are looking into it"