I'm work for intel OTC VCMT team for the open source media CI
We use QB 9.0.48 which is good version for rest/buildagents/active, but when we upgrade version from 9.0.48 to 11.0.26 for fix log4j problem
I find rest/buildagents/active need authorize, I query for the document:
https://wiki.pmease.com/display/QB11/Interact+with+Build+Agents it say don't need authorized for this RESTFul
I'm confuse of this function, I also upgrade the test server from 9.0.48 to 11.0.26 without this problem, but the production server catch this problem
This function is more useful to maintenance lot of device for the QB,
so I want to confirm what happen on this function
BTW: I still find log4j 1.2 on addons/traymonitor/lib/log4j-1.2.15.jar
Hopes this version also can upgrade
Log4j 1.2 is vulnerable when a socket server is started to accept log entries, which is not used in tray monitor. Nevertheless, we will update it to latest version in next major version.