 1 
 on: September 16, 2024, 04:27:17 am 
Started by Martha R. - Last post by Reuben B.
Hi Martha,

I know you have got the answer you sought via a question to the support portal. Just a reminder to you and everyone that if you need an answer quickly, the support portal should be your preferred method of communication. Support portal communication triggers timers associated with our Service Level Agreements; raising a question in the forum for others in the community to answer does not.

To help provide some closure to the forum community for your question ...

Genero Report Writer uses Java. If you look inside GREDIR/bin/greportwriter, GREDIR/bin/printerinfo, etc., you will see that it executes a Java application. If you have ever seen a Genero Report Writer error message, you will recognise it as a Java error message (long and exposing the stack) as opposed to a 2-line 4gl error message. It is also why distributed mode has the performance advantage it does, due to not starting/stopping multiple JVMs. If you look inside GREDIR/lib/jars you will see a number of .jar Java archives, including log4j. There are 70+ .jar files. Do we use every single piece of functionality in all of those 70+ .jar files? The answer is no. We don't want to get in positions where we are saying this old version is safe to use because we don't use a particular piece of functionality in a .jar.

One of the reasons we encourage customers to be in the habit of updating and remaining up to date with Genero versions is so that they are also up to date with any 3rd party libraries that we use. GRE 3.10.17 was released in January 2022: https://forum.4js.com/fjs_forum/index.php?topic=1748.msg5675#msg5675. Martha's answer suggested that her customer was on a version older than 3.10.17, so older than January 2022. That customer is therefore missing out on at least 2.5 years of security updates and bug fixes.

Reuben
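
An inventory check for the GREDIR/lib/jars directory mentioned in the post above, as an added example that is not part of the original post and is not Four Js code. It assumes log4j jars follow the usual `log4j[-module]-<version>.jar` naming and that Chainsaw classes live under `org/apache/log4j/chainsaw/` inside log4j 1.2.x jars; the sample jars it builds are constructed placeholders.

```python
import re
import sys
import tempfile
import zipfile
from pathlib import Path

CHAINSAW_PREFIX = "org/apache/log4j/chainsaw/"  # Chainsaw package inside log4j 1.2.x jars
TARGET_2X = (2, 17, 1)  # log4j version the thread says newer GRE releases ship
NAME_RE = re.compile(r"^log4j(?:-[a-z]+)*-(\d+(?:\.\d+)+)\.jar$")

def inspect_jar(path):
    """Describe one log4j jar, or return None if the file name is not a log4j jar."""
    m = NAME_RE.match(path.name)
    if not m:
        return None
    version = tuple(int(p) for p in m.group(1).split("."))
    with zipfile.ZipFile(path) as jar:
        has_chainsaw = any(n.startswith(CHAINSAW_PREFIX) for n in jar.namelist())
    if version[0] == 1:
        status = "1.x, end of life"
    elif version < TARGET_2X:
        status = "2.x, older than 2.17.1"
    else:
        status = "2.x, 2.17.1 or newer"
    return {"jar": path.name, "status": status, "chainsaw_classes": has_chainsaw}

def scan(jar_dir):
    """Inspect every log4j*.jar directly under jar_dir (e.g. GREDIR/lib/jars)."""
    found = (inspect_jar(p) for p in sorted(Path(jar_dir).glob("log4j*.jar")))
    return [r for r in found if r is not None]

def build_sample_dir(root):
    """Constructed sample: empty placeholder class entries, not real jar contents."""
    samples = {
        "log4j-1.2.13.jar": ["org/apache/log4j/Logger.class",
                             "org/apache/log4j/chainsaw/Main.class"],
        "log4j-core-2.17.1.jar": ["org/apache/logging/log4j/core/Logger.class"],
        "other-lib-1.0.jar": ["com/example/Thing.class"],
    }
    for name, entries in samples.items():
        with zipfile.ZipFile(Path(root) / name, "w") as jar:
            for entry in entries:
                jar.writestr(entry, b"")
    return root

if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else build_sample_dir(tempfile.mkdtemp())
    for row in scan(target):
        print(row)
```

A `chainsaw_classes` hit only shows that the classes are shipped inside the jar; whether the product ever runs them is a separate question for the vendor.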


 

 2 
 on: September 13, 2024, 06:15:00 pm 
Started by Christine R. - Last post by Christine R.

 Genero Enterprise 3.21
Maintenance Release 3.21.03


Four Js is pleased to announce a Maintenance Release of Genero BDL with Web Services (BDL – GWS - JGAS - GBC - GGC - WCG - GIP) 3.21.03.

Genero BDL with Web Service (BDL - JGAS - GBC - WCG - GIP) 3.21.03 is the bundle which includes:
  • Business Development Language (FGL) 3.21.03
  • Web service extension (GWS) 3.21.03
  • Genero Browser Client (GBC) 1.00.66
  • Genero Identity Provider (GIP) 1.00.16
  • Application Server for Java (JGAS) 1.10.12
  • Web Components and wrappers (WCG) 1.00.24


This version also includes the following bug fixes:

Note:
Due to the implementation of a new database driver, a new package with the OS code l64al228 has been added to the list of the delivered packages.
This package works for the Rocky Linux 8 and 9 operating systems.

This version is now downloadable from the web site: https://4js.com/download/products/.

All Four Js Genero customers under maintenance have free access to the new release.

Best regards,

Four Js Development Tools

 3 
 on: September 11, 2024, 01:24:56 pm 
Started by Martha R. - Last post by Martha R.
Hi Christine,

I apologize, but I'm trying to understand the vulnerability. I understand our customer is on an old version, but I want to know: if we don't use Java to write reports, are these vulnerabilities an issue? Or can I say to the customer, "you don't need to worry, since we don't use Java to write the reports"?

Thanks,

Martha

 4 
 on: September 10, 2024, 05:21:00 pm 
Started by Martha R. - Last post by Martha R.
Hi Christine,

Thank you so much for replying to my posts. 

We use the Genero Report Writer but we don't create reports with Java. If we don't use Java, so we don't need to worry about the log4j-1.2.13.jar vulnerabilities. Or even if we don't write reports with Java, Genero Report Writer uses it internally.

Thanks,

Martha

 5 
 on: September 10, 2024, 02:15:42 pm 
Started by Martha R. - Last post by Christine R.
Hi Martha,

As said before, we encourage you to update your version of the report writer to the latest maintenance release version.
Regarding the vulnerability CVE-2022-23307 Chainsaw, from the description (see below), it is located in the component Chainsaw, which is a GUI-based log viewer. We don't make use of that in our product.
https://nsfocusglobal.com/apache-log4j-deserialization-and-sql-injection-vulnerability-cve-2022-23302-cve-2022-23305-cve-2022-23307-alert/
I hope this will help you.
 
Best regards,

Christine

 6 
 on: September 10, 2024, 02:01:47 pm 
Started by Martha R. - Last post by Martha R.
Hi Christine,

Thanks a lot for replying to my post.

Our customer is running a Genero Runtime version 3.10.  Our new version of our software runs in the Genero version 4.01 which has the newer jar versions. 

I'm just wondering if you can provide me with any information regarding vulnerability CVE-2022-23307 - Chainsaw. Do you guys use it? Or can I tell the customer that vulnerability is nothing they need to worry about?

Thanks,

Martha

 7 
 on: September 10, 2024, 10:25:32 am 
Started by Martha R. - Last post by Christine R.
Hello Martha,

FourJs has upgraded log4j to version 2.17.1 since the versions 3.10.17, 3.20.18, 4.00.05 and 5.00.00 of GRE.
Maybe your customer is using an older version.

Best regards,

Christine HEIM-REBIERE
FourJs Customer Care

 8 
 on: September 10, 2024, 01:46:21 am 
Started by Martha R. - Last post by Reuben B.
What versions of our products are you looking at?

Reuben

 9 
 on: September 09, 2024, 09:16:05 pm 
Started by Martha R. - Last post by Martha R.
Good Afternoon, 

We've been contacted by a client concerned about the log4j-1.2.13.jar vulnerabilities:

For CVE-2021-44228: In a previous post, you mentioned this jar is outside the version range that contains the vulnerability.
For CVE-2022-23305 (Deserialization of Untrusted Data in JMSAppender): In the same post, you mentioned that you don't use JMSAppender.

But what about CVE-2022-23307 - Chainsaw?

Also, the customer is asking why GRE is using a jar file that has been end-of-life for quite some time now.

Thanks,

Martha


 10 
 on: September 09, 2024, 06:02:38 pm 
Started by Christine R. - Last post by Christine R.

 Genero Enterprise 5.00 Maintenance Release:
Genero Desktop Client 5.00.03


Four Js is pleased to announce a Maintenance Release of Genero Desktop Client 5.00.03.

Keep in mind that Four Js now maintains the latest release of GDC only; it will be compatible with all supported versions of the Genero DVM.
Please refer to https://4js.com/online_documentation/fjs-gdc-manual-html/#genero-install-topics/c_gdc_install.html#c_gdc_compat_500 for more information.

This version includes the following bug fixes: https://4js.com/support/issue/GDC/5.00.03.

It is now downloadable from the website: https://4js.com/download/products/.

All Four Js Genero customers under maintenance have free access to the new release.

Best regards,

Four Js Development Tools
