This knowledge article is published to announce the release of TIBCO(R) Fulfillment Order Management 4.0.2 - Hotfix 11. This hotfix is exclusively released to provide fix for Apache Log4J vulnerability CVE-2021-44228, referred to as the "Log4Shell" vulnerability.

With the release of this hotfix, TIBCO strongly recommends customers upgrade from any FOM 4.x version (e.g. FOM 4.0.0, 4.0.1, 4.0.2 etc.) to FOM 4.0.2 - Hotfix 11.

This hotfix can be downloaded from the TIBCO Support Web User Interface using your username and password for the TIBCO Support Web. Once logged in, you can find the hotfix under the Downloads Menu: "AvailableDownloads/ActiveFulfillment/4.0.2/Hotfix-11"

Files available for download: 

TIB_fom_4.0.2_HF-11_readme.txt
TIB_fom_4.0.2-HF-11.zip

Please take a look at the Readme file for the instructions on how to apply the hotfix.

================================================================================
Closed Issues in 4.0.2_HF-11 (This Release)

AF-13230 - The vulnerability for Log4j issue CVE-2021-44228 has been fixed.
================================================================================

Apache Log4J Vulnerability Update
https://www.tibco.com/support/notices/2021/12/apache-log4j-vulnerability-update

KB 000045606 Apache Log4J Vulnerability and Impact to TIBCO Products and Services
https://support.tibco.com/s/article/Apache-Log4J-Vulnerability-and-Impact-to-TIBCO-Products-and-Services