On Tue, 14 Dec 2021 00:23:21 -0500, Cheryl Watson <che...@watsonwalker.com> wrote:
>Hi all, > >SAS uses Java and has issued a blog post. Many SAS products use Java and are >susceptible to this exposure. Each site should ensure that all SAS users and >the Security staff are made aware of this. Please see their post (updated >today) here: > >https://blogs.sas.com/content/sgf/2021/12/13/cve-2021-44228-log4j/. > >The two statements relating to base SAS are: > >• For the SAS® 9.4M7 maintenance release, SAS is recommending that the >log4j2.formatMsgNoLookups system property be set to true, as documented in the >CVE. SAS is working on instructions and will link to them when published. > >• The SAS® 9.4M6 maintenance release and earlier releases are under active >review. > >Best regards, >Cheryl > Assuming WPS would be similarly affected... Regards, Art Gutowski arthur.gutow...@huntington.com ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
