Everest Group IDP
             PEAK Matrix® 2022  
Indico Named as Major Contender and Star Performer in Everest Group's PEAK Matrix® for Intelligent Document Processing (IDP)
Access the Report

BLOG

Release notes – Indico Unstructured Data Platform v4.17

December 16, 2021 | Release Notes, Uncategorized

Back to Blog

Thank you for being a valued Indico user! We’re constantly making updates to our app and APIs, working on new features, and ensuring our security is top of the line.  Have ideas on how to make our product even better – please let us know!

Innovations and Updates in v4.17:

Support for Native and Empty Password PDFs

  • We now offer support for the ingestion of PDF encrypted with empty passwords. Password protected PDFs (say that three times fast) can be uploaded to Datasets without triggering errors or causing dataset upload failures.
  • Native PDF handling updates are also included in this release.

Log4j Patches

  • Patches have been made in IPA-4.11.7, IPA-4.13.3, IPA-4.14.1, IPA-4.15.2, and IPA-4.16.4  to correct security flaws brought on by the Log4j vulnerability. IPA-4.17.0 also addresses the vulnerability.

Frequently Asked Questions about Log4j: 

  1. What is Log4j? Why does Indico Data use it?
    Log4j is a framework used to record user activity and application behavior for review.  It’s a widely used tool for collecting information in Java-based applications. Indico uses Log4j indirectly as part of a third-party tool in our metrics service. Indico’s metrics system is not openly accessible, nor is it accessible to most users without high-level cluster level access and permissions.
  2. How high risk is the Log4j vulnerability for Indico customers?
    Based on the inaccessibility of Indico systems that leverage the Log4j library, this vulnerability is considered very low risk for Indico customers. Regardless, Indico Data’s dedicated team of engineers has responded to the information with an exceptional level of promptness and efficiency and has created patches to mitigate any vulnerability. All Indico customers will be contacted in the coming days for patch installations. If you would like your patch expedited, please contact your Indico Customer Success Manager.
  3. Does the Log4j vulnerability affect users utilizing the Indico Data Java client library?
    If you’re using our Java client library, the risk is minimal. There are no references to the Log4j-core library used in any version of our Java client library. In all versions, we do reference Log4j-API, which is not known to be subject to the exploit. We recommend upgrading to 4.12.3+ in an abundance of caution to minimize the risk of this vulnerability affecting your systems.

  4. How is Indico Data addressing the Log4j arbitrary code execution vulnerability?
    In late December 2021, another security Log4j vulnerability was discovered. This vulnerability requires configuration access of the logging library to be utilized maliciously. Therefore, this vulnerability is considered to be of much lower severity than the previous instances. The Indico Data team continues to monitor the situation diligently to ensure the security of our systems. Currently, there is no plan to produce an emergency patch, and any updates addressing this vulnerability will be done on the regular release cycle.

Updated on January 3, 2022 – Information in this post is subject to change as new information about the Log4j vulnerability develops.

Automate your most complex unstructured document workflows

Get started with Indico

Interactive demo

Transform your own unstructured documents with our OOTB models

Live Demo

Explore firsthand the value the Indico Platform delivers

Talk with us

Discuss how the Indico Platform can help you tackle your unstructured data problems

Resources

Customer stories

Webinars

eBooks

Analyst reports

Subscribe to our blog

Get our best content on intelligent automation sent to your inbox weekly!