Forum

With the recent announcement of security vulnerabilities in the Apache Log4j and Log4Shell logging libraries, we have investigated Phire’s exposure and here is our recommendation.

Phire does not make use of the Log4j or Log4shell libraries, so based on that we are not providing any patches or making any changes to our delivery.

However, since Phire runs in a PeopleTools environment, we are recommending that customers follow Oracle recommendations for mitigating the risk in the web/app/prcs server configurations, outlined in Doc ID 2828073.1

https://support.oracle.com/epmos/faces/DocumentDisplay?_afrLoop=209125163936738&id=2828073.1

We’ll continue to monitor the situation.