|File link||File size||File description|
Block class loads for vulnerable classes
Allow application class loaders to block class loads of classes with known security vulnerabilities
All users of IBM WebSphere Application Server
Security-compromised classes can be loaded by the WebSphere Application Server application and library class loaders.
Applications deployed to WebSphere Application Server may run versions of Log4j2 that are affected by the Log4Shell (CVE-2021-44228) vulnerability.
org.apache.logging.log4j.core.lookup.JndiLookup class, which is the cause of the vulnerability.
Blocking of class loads for org.apache.logging.log4j.core.lookup.JndiLookup was added to the WebSphere application, shared library, and extension class loaders.
The fix for this APAR is targeted for inclusion in fix packs 126.96.36.199, 188.8.131.52 and 184.108.40.206.
For more information, see 'Recommended Updates for WebSphere Application Server': https://www.ibm.com/support/pages/node/715553
Review the readme.txt for detailed installation instructions.
|V85 readme file||3906|
|V90 readme file||3739|
WebSphere Application Server and Liberty fix access requires S&S Entitlement in 2021. Use properly registered IDs to download the fixes in this table.
|DOWNLOAD||RELEASE DATE||SIZE(Bytes)||Applicable Fix Packs||
|220.127.116.11-WS-WAS-IFPH42899||18 December 2021||300413||18.104.22.168 through 22.214.171.124||FC|
|126.96.36.199-WS-WAS-IFPH42899||18 December 2021||303151||188.8.131.52 through 184.108.40.206||FC|
|220.127.116.11-WS-WAS-IFPH42899||18 December 2021||302850||18.104.22.168 through 22.214.171.124||FC|
|126.96.36.199-ws-wlp-ifph42759.zip||15 December 2021||1662561||188.8.131.52 IM||FC|
|210012-wlp-archive-ifph42759.jar||15 December 2021||1600448||184.108.40.206 Archive||FC|
|220.127.116.11-ws-wlp-ifph42759.zip||15 December 2021||1659830||18.104.22.168 IM||FC|
|21009-wlp-archive-ifph42759.jar||15 December 2021||1597881||22.214.171.124 Archive||FC|
Contact IBM Support at https://www.ibm.com/software/mysupport/s/ or 1-800-IBM-SERV (US only).
Was this topic helpful?
18 December 2021