PTV xServer 1.34 “Log4j” bugfix release available

The PTV xServer 1.34 is now available fixing the critical vulnerability in the Apache Log4j logging framework. We integrated the security update Log4j 2.15.0.

  • PTV xCluster Server 1.34.0.1
  • PTV xDima Server 1.34.0.2
  • PTV xLoad Server 1.34.0.1
  • PTV xLocate Server 1.34.0.2
  • PTV xMap Server 1.34.0.2
  • PTV xMapmatch Server 1.34.0.1
  • PTV xRoute Server 1.34.0.2
  • PTV xTerritory Server 1.34.0.2
  • PTV xTour Server 1.34.0.2
  • PTV xServer bundle 1.34.0.2

As the situation is very dynamic, there are further security risks with a lower score in Log4j 2.15.0 found. Log4j 2.16.0 is already available and the next bugfix release of PTV xServer 1.34 is in preparation to integrate it (same for PTV xServer 2.25). Anyway, we recommend to use the just released PTV xServer versions as the security risk with the highest score is fixed with them.

For on-premise solutions you can download the latest version from the PTV xServer Customer Area: https://www.ptvgroup.com/en/solutions/products/ptv-xserver/customer-area/ (login and license required)

The cloud solution PTV xServer internet using PTV xServer 1.34 is already patched. Check the Cluster Overview page to get more information about existing PTV xServer internet deployments.

PTV xServer 2.25.1 released to fix the Log4j zero-day exploit

The PTV xServer 2.25.1 is released! We fixed the Log4j zero-day exploit and integrated the security update Log4j 2.15.0. The same is true for the also released PTV Content Update Service 2.25.1.

Please check the corresponding release notes here.

For on-premise solutions you can download the latest version from the PTV xServer Customer Area: https://www.ptvgroup.com/en/solutions/products/ptv-xserver/customer-area/ (login and license required)

The cloud solution PTV xServer internet is already patched in the currently used versions. Check the Cluster Overview page to get more information about existing PTV xServer internet deployments.

How to handle the Apache Log4j zero-day exploit using PTV xServer on-premise

As the PTV xServer API versions 1.34 and 2.x are affected by the critical vulnerability in the Apache Log4j logging framework we work on updates integrating the security update Log4j 2.15.0. We will announce the new on-premise versions here and recommend to use them as soon as they are available.

On short notice you can take the following measures to mitigate the zero-day exploit: Set the environment variable LOG4J_FORMAT_MSG_NO_LOOKUPS in your system to true. This of course also has a positive affect on other applications on your system that uses the lookup function from Log4j.

Please note that this mitigation works for PTV xServer 1.34 and from PTV xServer 2.7 on. In case of using PTV xServer versions 2.0 to 2.6 you have to update them first.

Moreover the PTV Content Update Service 2.x is in the same way affected as PTV xServer 2.x and the mitigation also works from PTV Content Update Service 2.7 on.

 

PTV xServer 1.34 released

The new PTV xServer API version 1.34 is available. As always, we recommend to use the new version as soon as possible. And these are the main topics:

  • Updated several third-party components to recent versions
  • Harmonized the speed values of the reference profile ‘truck11-99t_01-00’
  • Fixed some bugs, mainly concerning the distance matrix calculation

Please note that we also updated our logging framework. In case of individual changes in the logging configuration files, you have to adapt them (see “Migration Guide Logging”).

If you are interested in the full list of changes, you can check the corresponding release notes here.

You can download the latest version from the PTV xServer Customer Area: https://www.ptvgroup.com/en/solutions/products/ptv-xserver/customer-area/ (login and license required)

PTV xServer 2.25 released

The new PTV xServer API version 2.25 is available and these are the highlights:

  • xRoute
    • Support for the HBEFA 4.1 emission calculation
    • New operation to get the effective routing profile
  • xTour
    • Support for order priorities if not all orders can be served
    • Support for mixed loading prohibition to prevent certain orders planned on the same trip
    • More flexibility in handling orders where no valid route to the location is possible
  • General
    • Update of several third-party components

If you are interested in the full list of features and improvements, you can check the corresponding release notes here.

For on-premise solutions you can download the latest version from the PTV xServer Customer Area: https://www.ptvgroup.com/en/solutions/products/ptv-xserver/customer-area/ (login and license required)

For cloud solutions we provide a test and production system based on this release. The PTV World City Map test cluster already contains the PTV xServer API version 2.25 release plus all future and finished changes for the next release.

The production system of PTV xServer internet will be updated following this schedule:

  • 30.11.21: Productive system hosted in Europe
  • 01.12.21: Productive system hosted in US
  • 08.12.21: Productive system hosted in Australia

Check the Cluster Overview page to get more information about existing PTV xServer internet deployments.

PTV xServer 2.24.1 released

The new PTV xServer API Version 2.24.1 is available for download. It contains an important bugfix concerning the usage of asynchronous requests:.

  • General:
    • Prevent operation ‘watchJob’ from waiting when job is already finished

For on-premise solutions you can download the latest version from the Customer Area at the Developer Zone. http://xserver.ptvgroup.com/de/nc/developer-zone/customer-area/ (login and license required)

For cloud solutions we provide a test and production system based on this release. The PTV World City Map test cluster contains the PTV xServer API version 2.24 release plus all future and finished changes for the next release.

The production system of PTV xServer internet will be updated updated following this schedule:

  • ASAP: Productive system hosted in Europe
  • ASAP: Productive system hosted in US
  • 06.10.21: Productive system hosted in Australia

Check the Cluster Overview page to get more information about existing PTV xServer internet deployments.