Hello Zigfried,

Thanks for your post.

With some quick research I see that there is an update to log4j, version 2.15.0 that may patch the recently discovered vulnerability.

If you are using TWS/IB Gateway, this would be relevant for you, and at this time, we suggest corresponding with Interactive Brokers for their own word on security recommendations. (TWS 985.1g and IB Gateway 981.3c are the versions we currently recommend if they mention those versions are vulnerable.)

An update for Java may be all that is necessary, but Interactive Brokers would know more as it involves their apps. If there is anything for us to share, I will be updating this post or replying again to this thread.

Jim

IB has updated their TWS and IB Gateway software

I have installed the new IB software versions and have confirmed that they now include log4j version 2.15.0

The previous versions that were recommended by NinjaTrader used log4j version 2.12.0 (a vulnerable version of log4j)

The latest IB software versions that I downloaded today are:

TWS - version 10.12.2a
IB Gateway - version 981.3f

Are these new IB software versions compatible with NT8?

Thanks

Hello Zigfried,

The versions of TWS and IB Gateway we provide in our Connection Guide are the versions that are thoroughly tested and supported by us. Sometimes we see unexpected behavior with various versions of TWS and IB Gateway, but that is not to say other version than what we recommend will exhibit issues.

You are welcome to try newer versions, but if an issue is seen, we would suggest confirming if the issue is seen with the versions of TWS/IB Gateway we give in our Connection Guide.

We understand that there was another vulnerability for log4j 2.15.0 discovered as well. We are monitoring the situation closely and are considering the need to support newer versions of TWS and IB Gateway.

Please refer to information provided by Interactive Brokers regarding security implications with their applications as they would be best able to answer.