Tag Archives: PTV xServer

PTV xServer 1.34 with latest Log4j released

Posted on by

And here is the next release of PTV xServer 1.34! Like in PTV xServer 2 we now integrated the latest security update Log4j 2.16.0 to fix the additional security risks found in Log4j 2.15.0. At the moment there is no further PTV xServer release planned to this topic.

  • PTV xCluster Server 1.34.0.2
  • PTV xDima Server 1.34.0.3
  • PTV xLoad Server 1.34.0.2
  • PTV xLocate Server 1.34.0.3
  • PTV xMap Server 1.34.0.3
  • PTV xMapmatch Server 1.34.0.2
  • PTV xRoute Server 1.34.0.3
  • PTV xTerritory Server 1.34.0.3
  • PTV xTour Server 1.34.0.3
  • PTV xServer bundle 1.34.0.3

For on-premise solutions you can download the latest version from the PTV xServer Customer Area: https://www.ptvgroup.com/en/solutions/products/ptv-xserver/customer-area/ (login and license required)

The cloud solution PTV xServer internet using PTV xServer 1.34 is already patched. Check the Cluster Overview page to get more information about existing PTV xServer internet deployments.

What a crazy week…

PTV xServer 2.25.2 with latest Log4j released

Posted on by

The PTV xServer 2.25.2 is released! We now integrated the latest security update Log4j 2.16.0 to fix the additional security risks found in Log4j 2.15.0 (integrated in PTV xServer 2.25.1). And again the same is true for the just released PTV Content Update Service 2.25.2. At the moment there is no further PTV xServer 2 release planned to this topic.

Please check the corresponding release notes here.

For on-premise solutions you can download the latest version from the PTV xServer Customer Area: https://www.ptvgroup.com/en/solutions/products/ptv-xserver/customer-area/ (login and license required)

The cloud solution PTV xServer internet is already patched in the currently used versions. Check the Cluster Overview page to get more information about existing PTV xServer internet deployments.

PTV xServer 1.34 “Log4j” bugfix release available

Posted on by

The PTV xServer 1.34 is now available fixing the critical vulnerability in the Apache Log4j logging framework. We integrated the security update Log4j 2.15.0.

  • PTV xCluster Server 1.34.0.1
  • PTV xDima Server 1.34.0.2
  • PTV xLoad Server 1.34.0.1
  • PTV xLocate Server 1.34.0.2
  • PTV xMap Server 1.34.0.2
  • PTV xMapmatch Server 1.34.0.1
  • PTV xRoute Server 1.34.0.2
  • PTV xTerritory Server 1.34.0.2
  • PTV xTour Server 1.34.0.2
  • PTV xServer bundle 1.34.0.2

As the situation is very dynamic, there are further security risks with a lower score in Log4j 2.15.0 found. Log4j 2.16.0 is already available and the next bugfix release of PTV xServer 1.34 is in preparation to integrate it (same for PTV xServer 2.25). Anyway, we recommend to use the just released PTV xServer versions as the security risk with the highest score is fixed with them.

For on-premise solutions you can download the latest version from the PTV xServer Customer Area: https://www.ptvgroup.com/en/solutions/products/ptv-xserver/customer-area/ (login and license required)

The cloud solution PTV xServer internet using PTV xServer 1.34 is already patched. Check the Cluster Overview page to get more information about existing PTV xServer internet deployments.

PTV xServer 2.25.1 released to fix the Log4j zero-day exploit

Posted on by

The PTV xServer 2.25.1 is released! We fixed the Log4j zero-day exploit and integrated the security update Log4j 2.15.0. The same is true for the also released PTV Content Update Service 2.25.1.

Please check the corresponding release notes here.

For on-premise solutions you can download the latest version from the PTV xServer Customer Area: https://www.ptvgroup.com/en/solutions/products/ptv-xserver/customer-area/ (login and license required)

The cloud solution PTV xServer internet is already patched in the currently used versions. Check the Cluster Overview page to get more information about existing PTV xServer internet deployments.

How to handle the Apache Log4j zero-day exploit using PTV xServer on-premise

Posted on by

As the PTV xServer API versions 1.34 and 2.x are affected by the critical vulnerability in the Apache Log4j logging framework we work on updates integrating the security update Log4j 2.15.0. We will announce the new on-premise versions here and recommend to use them as soon as they are available.

On short notice you can take the following measures to mitigate the zero-day exploit: Set the environment variable LOG4J_FORMAT_MSG_NO_LOOKUPS in your system to true. This of course also has a positive affect on other applications on your system that uses the lookup function from Log4j.

Please note that this mitigation works for PTV xServer 1.34 and from PTV xServer 2.7 on. In case of using PTV xServer versions 2.0 to 2.6 you have to update them first.

Moreover the PTV Content Update Service 2.x is in the same way affected as PTV xServer 2.x and the mitigation also works from PTV Content Update Service 2.7 on.

 

PTV xServer 1.34 released

Posted on by

The new PTV xServer API version 1.34 is available. As always, we recommend to use the new version as soon as possible. And these are the main topics:

  • Updated several third-party components to recent versions
  • Harmonized the speed values of the reference profile ‘truck11-99t_01-00’
  • Fixed some bugs, mainly concerning the distance matrix calculation

Please note that we also updated our logging framework. In case of individual changes in the logging configuration files, you have to adapt them (see “Migration Guide Logging”).

If you are interested in the full list of changes, you can check the corresponding release notes here.

You can download the latest version from the PTV xServer Customer Area: https://www.ptvgroup.com/en/solutions/products/ptv-xserver/customer-area/ (login and license required)