This week brought news of an exploitable hack to which certain applications executing Java may be vulnerable. Specifically, any applications using the popular Apache log4j logging tool may, under certain circumstances, be exposed to hackers executing nefarious code on their servers. This includes applications running on IBM i. While Valence does include a version of log4j for logging JDBC connection info when accessing remote databases through Nitro App Builder or the vvOut_execSQLtoJSON RPG Toolkit procedure, the log4j version Valence uses, 1.2.17, predates the exploitable functionality introduced...
Learn More