OLB Release 220.127.116.11 Overview
The U.S. Treasury Bureau of the Fiscal Service (Fiscal Service) Over the Counter Division (OTCD) has updated the Over-the-Counter Channel Application (OTCnet) OTCnet Local Bridge (OLB) to version 18.104.22.168 in January 2022, which addresses critical security vulnerabilities identified in the Apache Log4j logging package used by earlier versions of the OLB.
OLB version 22.214.171.124 is the only OLB available for download to users as it is currently the most secure version. Fiscal Service strongly advises agencies to uninstall previous OLB versions and install OLB 126.96.36.199 and Firmware 4.3.0 to their workstations for optimal protection against security threats.
OLB version 188.8.131.52 introduces the following security enhancements:
- The Apache Log4j package used by the OLB has been upgraded to Log4j version 2.17.1, which addresses the following Log4j vulnerabilities:
- The Spring Framework components used by the OLB have been upgraded to version 5.3.14, which resolves the following Spring Framework vulnerabilities:
Additionally, OTCnet Online and OTC Kiosk Application in production and all QA (testing) environments have been upgraded to use Apache Log4j version 2.17.1.