Critical vulnerability in Log4j

The latest update to this post is available here!

On Friday 09.12.21 a critical vulnerability (Log4Shell) in the widely used Java library Log4j has been identified. According to the assessment of many authorities, this leads to an extremely critical threat situation, which is why, among others, the Federal Office for Information Security (BSI) in Germany has upgraded its existing cyber security warning to warning level red (see Common Vulnerabilities and Exposures and BSI).

The affected component is also used in some PTV products. This affects both customer installations and the cloud offering of PTV Group.

Overview

List of products (affected, but patched)

  • PTV xServer internet 1 / PTV xServer internet 2
  • PTV TLN planner internet
  • PTV Route Optimizer SaaS / Demonstrator
  • PTV Developer
  • PTV Visum Publisher

List of products (affected)

  • PTV xServer 2.x (on prem)
  • PTV xServer 1.34 (on prem)
  • PTV MaaS Modeller

List of products (possibly affected)

  • PTV Route Optimiser CL
  • PTV Route Optimiser ST
  • PTV Map&Market
  • PTV Arrival Board / Trip Creator / EM Portal
  • PTV Drive&Arrive

List of products (not affected)

  • PTV xServer < 1.34 (on prem)
  • PTV Road Editor
  • PTV Map&Guide internet
  • PTV Map&Guide intranet
  • PTV Navigator Licence Manager
  • PTV Navigator App
  • PTV Drive&Arrive App
  • PTV Visum
  • PTV Vissim
  • PTV Vistro
  • PTV Viswalk
  • PTV Balance and PTV Epics
  • PTV Hyperpath
  • PTV TRE and PTV Tre-Addin
  • PTV Optima

We have therefore been working on updating the affected PTV products since the vulnerability was announced.

For the vulnerability, there is already a security update from the manufacturer with version Log4j 2.15.0. In addition, all products that use Log4j – including all affected PTV Products – must be adapted.

For cloud products, the update will be performed by PTV in its own data centers.

For customer-owned installations, we will provide an update in the short term and offer it for download. All customers will receive direct information about this in a timely manner.

Concerning further technical questions, please contact your Product Support.

PTV xServer internet technical information – Reported issues for PTV Europe City Map [TomTom] with API Version 1

On September 1st 2021 we did the update on the PTV Europe City Map [TomTom] with API Version 1. After the switch to production some customers had problems.

Here are the issues reported and the corresponding solution:

  • There was a report that a customer could no longer connect to the service. After an analysis we found out that he used the IP address instead of URL.
    Please have in mind that we don´t guarantee the stability of our IP addresses, so please only use the URLs to address our service.

  • There was an issue with an error of dataCompatibilityVersion does not match.
    After the analysis of the issue we found out that the error message was misleading. Instead of data compatibility it is a profile schema validation error.

    In our documentation we note that the schema validation for the profile snippet should only be used for development or debugging issues, because of the performance. It is not meant for productive usage, nevertheless it should work like intended.

    Do not use http://localhost:500×0 as schema url since this internal url might or will not work. We documented in our manual that we support the following notation for the schema location:

    <Profile xmlns:xsi=http://www.w3.org/2001/XMLSchema-instance xsi:noNamespaceSchemaLocation=

      "../../schema/XRouteProfile.xsd">

      <Common language="de" coordinateFormat="PTV_GEODECIMAL" majorVersion="1" minorVersion="0"/>

    </Profile>

    What also works is the notation like specified in our RawRequestRunner samples:

    <Profile xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance' xsi:noNamespaceSchemaLocation=\http:///xroute/schema/XRouteProfile.xsd\>   

    We see that is a minor change if you used that differently before. Nevertheless, this is the documented and supported way and should be used accordingly.

 

We kindly ask you to please always test your application on the provided test system and report any problem immediately.

PTV xServer internet update – PTV Europe City Map [HERE] with API Version 1

We did perform technical maintenance today that did not require any downtime.
The following tasks were completed in the scope of this maintenance.

PTV Europe City Map [HERE] – TEST and INTEGRATION – cluster with API version 1:

  • Operating system change from Windows Server to Ubuntu Linux

Please test your application on the today updated test system and report any problem immediately.

Deactivation of Transport Layer Security (TLS) 1.0 and 1.1

Microsoft announced the deactivation of Transport Layer Security 1.0 and 1.1
Announcement from Microsoft on September 30th, 2020:
Transport Layer Security (TLS) 1.0 and 1.1 are security protocols for establishing encryption channels over computer networks. Microsoft has supported these protocols since Windows XP/Server 2003. However, due to evolving regulatory requirements as well as new security vulnerabilities in TLS 1.0, Microsoft recommends that customers remove TLS 1.0/1.1 dependencies in their environments and disable TLS 1.0 and 1.1 at the operating system level where possible. https://docs.microsoft.com/en-gb/lifecycle/announcements/transport-layer-security-1x-disablement

PTV xServer internet with API version 1 will no longer be able to support TLS 1.1 or lower by the date September 30th, 2021 due to security updates in Azure.
PTV will start to deactivate the protocols with the planned map updates starting in October 2021. The updates will be announced via our PTV Developer Blog. You can subscribe our blog to stay posted.

  • Your action is required if you are still using TLS 1.0 or 1.1 version, as the requests will not get through to our service after we update the map clusters.
  • If you still use .NET Framework version 4.5 and lower or Java 7 runtime and lower your action is required.
  • Update your framework to a newer version to guarantee access to our service after the update on our map clusters.

.NET Framework
We recommend updating to NET 4.6 and above. You don’t need to do any additional work to support TLS 1.2, it’s supported by default. More detailed information regarding different NET. versions can be found here:
https://blogs.perficient.com/2016/04/28/tsl-1-2-and-net-support/

PTV Java Clients
We recommend updating to a Java 8 runtime environment for the PTV xServer clients because Java 8 runtime supports TLS 1.2 by default.

PTV xServer internet update – NEW PTV Europe City Map [Here] cluster with API Version 1

We like to inform you that we now provide a new cluster with PTV Europe City Map from Here. This cluster is available with PTV xServer API Version 1.

You can now find the new map cluster listed in our cluster overview on our PTV xServer internet Developer guide.

We provide an equal feature set like we already do for the PTV Europe City Map (TomTom) cluster.

You can find the following services available on this cluster:

  • xMap
  • xLocate
  • xRoute
  • xMapmatch
  • xTour

We provide the following High Performance Routing (hpr) profiles on this cluster:

  • hpr-car.xml
  • hpr-transporter-xml
  • hpr-truck-40t-ta.xml
  • hpr-truck-40t.xml

If you like to read more about hpr technology an profiles have a look at our High Performance Routing description on our PTV xServer internet Developer guide.

Webinar – PTV xServer internet for cloud developers – last minute registration

A Technical introduction into PTV xServer internet for cloud developers.

 

Motivation:
“Which info would have prevented me from a lot of painful experiences and do-it-again‘s?“ Registration required before July 28th, free of cost

Agenda:
– What do we offer from a technical perspective? Which protocols and client environments are supported?
– How is the authentication established?
– Where to find which information? How to understand the documentation?
– Which modules are available and what is their functional scope?
– Why to communicate via asynchronous protocol?
– Sample application C#
Speaker: bernd.welter@ptvgroup.com
Level: Technical, we will show samples in C# and JavaScript

Who should participate:
– Developers who are new in the topic Who should not participate
– Developers who are already familiar with PTV xServers : you will only see things you are familiar with
– Deciders : at this stage you should be aware of our capabilities (forward it to your teams!)

We provide this webinar in German and English:

German: Dienstag, 28. Juli 2020, 14:00 – 16:00 CEST
Jetzt registrieren

English: Wed, Jul 29, 2020 2:00 PM – 4:00 PM CEST
Register now