As you know, IBM informix has been affected by the Log4j vulnerability. There are three separate issues here, all of which are fixed by the latest fixes to Informix Server versions 12.10.FC15 and 14.10.FC6 and 14.10.FC7 for all editions.
Today we have posted the latest release of Informix 14.10.FC7W1 to Fix Central here:
This new release is an outright replacement for 14.10.FC6 and 14.10.FC7; these releases are going to be discontinued and permanently withdrawn from service. You should discontinue all usage of 14.10.FC6 and 14.10.FC7 as soon as possible as they are not secure across all editions.
Today we have posted the latest release of Informix 12.10.FC15 to Fix Central here:
There are two updated files at the link above which are the Informix-server.jar and informix-agent.jar files for InformixHQ, for the current release of InformixHQ 1.6.3. These are the same files incorporated into 14.10.FC7W1. There will be a full pack release of 12.10.FC15W1 with the installer for release number purposes in the near future. You should apply the interim fix to the 12.10,FC15 release, as it is not secure across all editions and will be withdrawn permanently from service once the new fix is GA, the date for which is presently unknown.
Finally, the Informix Cloud Pak For Data 4.0.5 will be GA on Jan 16 and also has the Informix fixes for the NEO4J within and available. Upgrade instructions links below will be updated on January 16th with updated commands:
If you are running earlier versions of Informix Cloud Pak for Data based on Informix 14.10.FC6 or Informix 14.10.FC7, for any available Informix Edition, be advised that those Informix Editions have the known log4j security vulnerabilities and should no longer be run. You should upgrade your version of Informix Cloud Pak for Data as soon as possible.
The 14.10 Fix applies to users with Informix On Cloud that are using any of the above affected versions of Informix. The fix for Informix on Cloud users is the same as outlined above.
The above are the only known IBM Informix server products at this time to be affected by the Log4J vulnerability.
Log4j Vulnerability ( CVE-2021-44228 ) in IBM Informix workaround