Welcome @stoeps.de, the blog of Christoph Stoettner
I work at Vegard IT GmbH as a senior consultant with a focus on collaboration software, Kubernetes, security and automation. I mainly deal with HCL Connections, WebSphere Application Server, Kubernetes, Ansible, Terraform and Linux.
Sometimes my daily work results in technical talks and blog articles, which you can follow here more or less regularly. You can find the presentations in the main menu under public speaking .
In my spare time I read a lot, test all kinds of technical software and gadgets and try to follow about 200 RSS feeds.
Here you can find a collection of them.
This is my private blog, all opinions are my own.
I wrote about font loading from external CDN in the post Hiding The Create Community Button 2nd last year and hoped this is finally fixed for all Connections applications. A good summary on the reasons to not allow external font loading is Blocking Web Fonts for Speed and Privacy .
So I checked with a Connections 7 deployment with the latest CFix (CFix.70.2112) deployed, if this is still an issue with Connections.
In former Connections' versions we found external fonts loaded in Orient Me (
/social), Communities Catalog (
/communities) and the Admin panel (
I installed HCL Connections Docs 2.0.1 on top of an already installed HCL Connections 6.5CR1 with Docs Viewer. Usually a simple task, the installation was smooth, after the mandatory restart the
Edit button in the files' application appeared and all looked good, but when the users clicked on
edit a white page was loaded.
- Elasticsearch: Apache Log4j2 Remote Code Execution (RCE) Vulnerability - CVE-2021-44228 - ESA-2021-31
- HCL: CVE-2021-44228 : Security Advisory
- IBM: Security Bulletin: Vulnerability in Apache Log4j affects WebSphere Application Server (CVE-2021-44228)
- Security Bulletin: HCL Connections Security Update for Apache Log4j 2 Vulnerability (CVE-2021-44228)
- CVE-2021-45046: It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations.
So there is a fix for
kc.war which updates the
log4j 2.8 to 2.15, Elasticsearch in Component Pack has log4j 2.8 and 2.11 included
but is not vulnerable because of additional security settings.
During troubleshooting of WebSphere Application Server it is necessary to enable traces and see more detailed log messages.
Enabling these traces is very annoying, because you need to follow long click paths within the Integrated Solution Console (ISC).
During the latest automated deployment of the HCL Connections Desktop Plug-ins for Microsoft™ Windows™ , I had issues activating the
Password Save Policy. We wanted to disable the option that users can save passwords.
The documentation tells us, that the registry key
HKLM\SOFTWARE\Wow6432Node\IBM\Social Connectors\Settings\Password Save Policy needs to be set to
1 to achieve this.
Some time ago I got the tip from HCL Support, that the
Create Community button will recognize the role
community-creator only when the gatekeeper option
CATALOG_CARD_UPDATED is set to
This is working, but I had to complain, that this option activates some code, which loads fonts from a CDN instead of the local Connections deployment.