Hi jamesd1,

Here is an update from internal regarding log4j.

SMG released this  internal document regarding Log4Shell. There is a list of unaffected products. Please check here  for more information.

Thank you.

Best regards,
Sheng

p/s: If any answer from the community or Intel support are helpful, please feel free to give Kudos.

Hi Sheng,

Thank you for your reply and apologies for the delayed response over the holidays.

I can't seem to be able to access the links posted in your most recent message. I'm getting the following error message (with email addresses, etc redacted for the sake of public posting):

Message: AADSTS90072: User account [REDACTED] from identity provider [REDACTED] does not exist in tenant 'Intel Corporation' and cannot access the application '00000003-0000-0ff1-ce00-000000000000'(Office 365 SharePoint Online) in that tenant. The account needs to be added as an external user in the tenant first. Sign out and sign in again with a different Azure Active Directory user account

I've attempted to use alternative browsers, computers and accounts to access this link, but with no luck.

Is the link broken and might there be an alternative link I could use?

Kind regards,

James

Hi Sheng,

Thanks for that link. Quartus Prime isn't mentioned anywhere on that page though.

The main thing that would concern me is that I've found .jar files under the intelFPGA directory relating to log4j (used for the Eclipse plugin). Is it possible that this hasn't been noticed and addressed yet? And could it also be used elsewhere in the program?

I'm using version 18.1, but the release notes for more recent versions don't mention log4j, so I'd assume from this that it hasn't been patched. Would this present a security vulnerability on our systems?

Kind regards,

James