SAS Institute. The Power to Know
 
 
 

SAS Environment Manager 2.5_M4

Hot Fix Downloads

* General Information about Hot Fixes

J9V001 was replaced by J9V017

J9V002 was replaced by J9V017

J9V003 was replaced by J9V017

J9V004 was replaced by J9V017

J9V005 was replaced by J9V017

J9V006 was replaced by J9V017

J9V007 was replaced by J9V017

J9V008 was replaced by J9V017

J9V010 was replaced by J9V017

J9V011 was replaced by J9V017

J9V012 was replaced by J9V017

J9V013 was replaced by J9V017

J9V014 was replaced by J9V017

J9V015 was replaced by J9V017

J9V016 was replaced by J9V017

J9V017
SAS Environment Manager 2.5_M4
Issue(s) Addressed:Introduced:
67194 SAS® Environment Manager includes a version of Apache Ant that has known vulnerabilities J9V001
61159 A security scan might report a vulnerability in SAS® Environment Manager J9V002
67844 SAS® Environment Manager contains a PostgreSQL library that is affected by a known vulnerability J9V002
67848 The SAS® Environment Manager server contains a version of Apache Tomcat that is affected by known vulnerabilities J9V002
67850 SAS® Environment Manager accepts GET requests in circumstances where the POST method should be used J9V002
67851 SAS® Environment Manager fails to disable the autocomplete function for certain password input fields J9V002
67891 SAS® Environment Manager contains an XStream library that is affected by known vulnerabilities J9V002
68098 SAS® Environment Manager contains a Velocity library that contains known vulnerabilities J9V003
68378 SAS® Environment Manager contains a version of Apache Ant with known vulnerabilities J9V004
68578 SAS® Environment Manager fails to start with "EXCEPTION_ACCESS_VIOLATION" after applying the SAS Private Java Runtime Environment (JRE) update J9V005
68431 SAS® Environment Manager contains a cross-site scripting vulnerability (CVE-2021-35475) J9V006
68637 SAS® Environment Manager contains a version of Apache Groovy affected by CVE-2020-17521 J9V006
68638 SAS® Environment Manager contains a version of the Jasypt library affected by CVE-2014-9970 J9V006
68648 SAS® 9.4M7 deployments using SAS Software Depots prior to revision 21w26 encounter an error at the "SAS Environment Manager Configuration" step J9V006
68560 SAS® Environment Manager contains a version of Apache Tomcat that is affected by CVE-2021-33037 and CVE-2021-30640 J9V007
68756 SAS® 9.4 products contain an Apache Log4J version 2 component with known vulnerabilities J9V007
68786 SAS® Environment Manager 2.5 contains an Apache HttpClient library affected by CVE-2020-13956 J9V007
68787 SAS® Environment Manager contains an XStream library with known vulnerabilities J9V007
68909 The SAS® Environment Manager Configuration step of the Load Content stage fails with "…Failed To create ev initial User and Role…" J9V007
68972 SAS® Environment Manager contains an Apache Commons IO library that is affected by CVE-2021-29425 J9V007
69029 SAS® Environment Manager 2.5 contains a Terracotta Quartz Scheduler library affected by CVE-2019-13990 J9V007
69033 SAS® Environment Manager contains a version of the Terracotta Quartz Scheduler with known vulnerabilities J9V007
69248 SAS® Environment Manager contains an XStream library that is affected by CVE-2021-43859 J9V008
69249 SAS® Environment Manager contains a PostgreSQL JDBC Driver affected by CVE-2022-21724 J9V008
69483 SAS® Environment Manager Agent reports incorrect Microsoft Windows releases for Windows releases after 2015 J9V009
69798 SAS® Environment Manager contains a version of the PostgreSQL JDBC Driver that is known to be affected by CVE-2022-31197 J9V010
69930 SAS® Environment Manager contains multiple libraries with known vulnerabilities J9V010
70013 SAS® Environment Manager Server uses a version of Apache Tomcat with known vulnerabilities J9V011
70328 A SAS® Environment Manager server contains a version of Apache Tomcat with known vulnerabilities J9V012
70522 Remove old log4j 1.2 config files in SAS® Environment Manager J9V013
70523 Removal of unnecessary check boxes for the Plug-in Manager page within the SAS® Environment Manager web console J9V013
70554 SAS® Environment Manager contains a version of activemq-client that is known to be affected by CVE-2023-46604 J9V014
70677 SAS® Environment Manager Hot Fix J9V014 removes previous files that are no longer used J9V014
70685 The SAS® Environment Manager server contains a version of Apache Tomcat with known vulnerabilities J9V014
70836 The SAS® Environment Manager server contains a version of Apache Tomcat with known vulnerabilities J9V016
70944 SAS® Environment Manager contains Apache CXF, Apache ActiveMQ 5.17.x, and Apache Tomcat 9.0.89, which have security vulnerabilities J9V017
71115 SAS® Environment Manager Server contains a version of Freemarker with a known vulnerability J9V017
Windows for x64 Released: February 13, 2025     Documentation: J9V017x6.html D       Download: J9V017pt.zip  
64-bit Enabled Solaris Released: February 13, 2025     Documentation: J9V017s6.html D       Download: J9V017pt.zip  
64-bit Enabled AIX Released: February 13, 2025     Documentation: J9V017r6.html D       Download: J9V017pt.zip  
HP-UX IPF Released: February 13, 2025     Documentation: J9V017hx.html D       Download: J9V017pt.zip  
Linux for x64 Released: February 13, 2025     Documentation: J9V017la.html D       Download: J9V017pt.zip  
Solaris for x64 Released: February 13, 2025     Documentation: J9V017sx.html D       Download: J9V017pt.zip  
D indicates that the Documentation has special pre-installation, post-installation or other unique instructions not commonly used for hot fix deployment.
Top ^



PLEASE CAREFULLY READ THE TERMS AND CONDITIONS OF THIS LICENSE AGREEMENT ("AGREEMENT") BEFORE DOWNLOADING MATERIALS FROM THIS SITE. BY DOWNLOADING ANY MATERIALS FROM THIS SITE, YOU ARE AGREEING TO THESE TERMS.
You are downloading software code ("Code") which will become part of a product ("Software") you currently have licensed from SAS Institute Inc. or one of its subsidiaries ("the Institute"). this Code is designed to either correct an error in the Software or to add functionality to the Software. The code is governed by the same agreement which governs the Software. If you do not have an existing agreement with the Institute governing the Software, you may not download the Code.
SAS and all other SAS Institute Inc. product or service names are registered trademarks or trademarks of SAS Institute Inc. in the USA and other countries. ® indicates USA registration. Other brand and product names are registered trademarks or trademarks of their respective companies.
Copyright © SAS Institute Inc. All Rights Reserved.