============================================================================= Run Date: APR 11, 2022 Designation: PREC*6.2*3 Package : PREC - PHARMACY ENTERPRISE CUSTOM S Priority: Mandatory Version : 6.2 SEQ #3 Status: Released Compliance Date: MAY 12, 2022 ============================================================================= Subject: PECS - Log4j2 Upgrade for TRM Compliance Category: - Informational Description: ============ The purpose of this Informational patch is to comply with the Technical Reference Model (TRM). Log4j2 libraries has been upgraded to version 2.17.1 to remediate security vulnerability found in the older versions of log4j. Pharmacy Enterprise Customization System (PECS) is a Java 2 Enterprise Edition (J2EE) application used to research, review, report, and manage customized drug information from First Data Bank's (FDB) MedKnowledge Framework, which is a Commercial-off-the-Shelf (COTS) product, used in the enhanced order checking process. The PECS application, through a web-based Graphical User Interface (GUI), allows VHA pharmacists and clinicians to research and request custom changes to Drug-Drug Interaction, Drug Pairs, Dose Range, Duplicate Therapy, and Professional Monograph records, controlling access through a role based authorization. VHA Pharmacy Benefits Management (PBM) periodically (as needed in support of VA procedures and priorities) prepare, review and approve the customizations, which result in VA Custom drug data, which will supersede or enhance the industry standard FDB-drug data. Defect Tracking System Ticket(s) & Overview: ============================================ JIRA Task Id: PECS-387 Problem: -------- PECS application contains Java components which are subject to compliance with Technical Reference Model (TRM) to maintain authority to operate (ATO). Resolution: ----------- Log4j Logging framework has been updated to be compliant with Technical Reference Model (TRM) and to remediate security vulnerability. Log4j has been upgraded from 2.13.3 to TRM approved version 2.17.1. Test Sites: ----------- User acceptance testing successfully completed by the Business Office. Software and Documentation Retrieval Instructions: ------------------------------------------------- The PREC*6.2*3 Informational Patch is available in FORUM. Documentation can be found in the VA Documentation Library (VDL) at: https://www.domain.ext/vdl/ PREC*6.2*3 Documentation can also be obtained at: https://download.vista.domain.ext/index.html/SOFTWARE Title File Name ------------------------------------------------------------------ PECS Deployment, Installation, PREC_6_2_3_DIBR.PDF Back-out, and Rollback Guide - PREC*6.2*3 PREC_6_2_3_DIBR.DOCX PECS Installation Guide PREC_6_2_3_IG.PDF PREC_6_2_3_IG.DOCX PECS Troubleshooting Guide PREC_6_2_3_TG.PDF PREC_6_2_3_TG.DOCX Installation Instructions: ------------------------- This is a Web based Java Application, and it is deployed on the centralized Weblogic server. No installation is required at Local sites. Routine Information: ==================== No routines included. ============================================================================= User Information: Entered By : Date Entered : FEB 02, 2022 Completed By: Date Completed: APR 07, 2022 Released By : Date Released : APR 11, 2022 ============================================================================= Packman Mail Message: ===================== No routines included