Spotfire Ideas Portal
Status Future Consideration
Product Spotfire
Categories Installation
Created by Guest
Created on Mar 23, 2022

Request for TIBCO to use hotfixes for resolution of severe security vulnerability issues (including the Log4j issue), instead of using service packs

Due to the recent Apache Log4j vulnerabilities discovered one by one, customers need to upgrade to the latest service pack version to resolve this issue.



However, to upgrade Spotfire Server, end users must follow the complete steps below:



(1) Back up the current environment fully.
(2) Duplicate the repository database.
(3) Perform the upgrade on the duplicated repository database.
(4) Install Spotfire Server and connect it to (3).
(5) Install Node Manager and upgrade all services.
(6) Validate that all functionality works as expected, as before the upgrade.



This is quite time-consuming and causes a heavy workload for our customers. For some of our customers who have deployed a huge cluster, it could take weeks/months to do this.



Most customers think the upgrade is necessary because of a product defect, so they are asking us and our partners to do it for them for free. That has a huge business impact on us and our partners.



Even after upgrading to the latest service pack version, if another severe vulnerability is discovered, the customer has to do the upgrade once again when a newer service pack version is released.



Lots of our customers and our partners are complaining about this.


Some of them are even starting to consider switching to other products.



Customers and our partners, including us, strongly request that TIBCO release hotfixes for Spotfire Server to resolve these kinds of issues, now and in the future, in order to greatly reduce the workload of resolving severe security vulnerability issues.


This was first filed as support case 02077240 and determined to be an ER.
