As you know, IBM Informix has been affected by the Log4j vulnerability. There are three separate issues here, all of which are fixed by the latest fixes to Informix Server versions 12.10.FC15, 14.10.FC6 and 14.10.FC7 for all editions.
Today we have posted the latest release of Informix 14.10.FC7W1 to Fix Central here:
This new release is an outright replacement for 14.10.FC6 and 14.10.FC7; these releases are going to be discontinued and permanently withdrawn from service. You should discontinue all usage of 14.10.FC6 and 14.10.FC7 as soon as possible as they are not secure across all editions.
Today we have posted the latest release of Informix 12.10.FC15 to Fix Central here:
There are two updated files at the link above, the Informix-server.jar and informix-agent.jar files for InformixHQ, for the current release of InformixHQ 1.6.3. These are the same files incorporated into 14.10.FC7W1. There will be a full pack release of 12.10.FC15W1 with the installer for release number purposes in the near future. You should apply the interim fix to the 12.10.FC15 release, as it is not secure across all editions and will be withdrawn permanently from service once the new fix is GA, the date for which is presently unknown.
Finally, the Informix Cloud Pak for Data 4.0.5 will be GA on Jan 16 and also includes the Informix fixes for Log4j. The upgrade instruction links below will be updated on January 16th with updated commands:
If you are running earlier versions of Informix Cloud Pak for Data based on Informix 14.10.FC6 or Informix 14.10.FC7, for any available Informix Edition, be advised that those Informix Editions have the known Log4j security vulnerabilities and should no longer be run. You should upgrade your version of Informix Cloud Pak for Data as soon as possible.
The 14.10 fix applies to Informix on Cloud users who are running any of the affected versions of Informix listed above. The fix for Informix on Cloud users is the same as outlined above.
The above are the only IBM Informix server products known at this time to be affected by the Log4j vulnerability.
Further info:
Log4j Vulnerability (CVE-2021-44228) in IBM Informix workaround