Due to the recent apache log4j vulnerabilities discovered one by one, customers need to upgrade to latest service pack version to resolve this issue.
However, to upgrade spotfire server end users must follow the complete steps below:
(1) backup current environment fully
(2) duplicate repository database
(3) perform upgrade on duplicated repository database
(4) install spotfire server and connect it to (3)
(5) install node manager and upgrade all services.
(6) validate all functionalities work as expected as before the upgrade
This is quite time consuming and causing many workload to our customers. For some of our customers who have deployed a huge cluster, it could take weeks/months to do this.
Most customers think the necessity of upgrade is due to products' defect so they are asking us and our partners to do it for them for free. That brings huge business impact on us and our partners.
Even after upgrading to latest service pack version, if another severe vulnerability is discovered and customer has to do the upgrade once again when newer service pack version is released.
Lots of our customers and our partners are complaining about this.
Some of them even start considering about switching to other products.
Customers and our partners, including us, strongly request TIBCO to release hotfixes for spotfire server to resolve these kind of issues for now and in the future, in order to greatly reduce the workload of resolving severe security vulnerability issues.
This was first filed as support case 02077240 and determined as an ER.