
16.12.2021

Critical zero-day vulnerability in log4j

In December 2021, a critical security vulnerability was found in the Java logging framework log4j. An attacker who can control log messages or log message parameters can cause arbitrary code to be loaded from LDAP servers and executed, provided message lookup substitution is enabled.

Further information on this zero-day security vulnerability can be found at https://www.bsi.bund.de/SharedDocs/Cybersicherheitswarnung/DE/2021/2021-549032-10F2.pdf?__blob=publicationFile&v=6

This library is used in many software products around the world.

The following COBISOFT solutions are not affected:

  • COBI.wms App: does not use log4j; it is an Android app and not a server application in any case.
  • COBI.wms HANA Proxy: does not use log4j.
  • COBI.time is based on Node.js and does not contain any components written in Java.
  • COBI.edi is based on C# .NET and does not contain any components written in Java.
  • COBI.msv Server: does not use log4j.

The following COBISOFT products or product components are implemented as server-side Java applications:

HANA proxy

The HANA proxy is used to exchange data between the COBI.wms Android app and on-premises installations of the SAP HANA database for SAP Business One. The only external Java component used by the HANA proxy is the Gson JSON library from Google. Log4J is therefore not used in the HANA proxy.

In addition, the communication between the COBI.wms Android app and the HANA proxy takes place in the context of a local network, which is why the HANA proxy installations cannot be accessed from the Internet.

COBI.msv

COBI.msv is an implementation of the server component of the MSV3 v2.0 specification. Installations of COBI.msv are made publicly accessible from the Internet. The following external Java components are imported by COBI.msv:

  • The Gson JSON library from Google (com.google.code.gson:gson)
  • The JAX-WS RI runtime library bundle (com.sun.xml.ws:jaxws-rt)

COBI.msv does not use Log4J directly. However, the import of the JAX WS bundle results in the following list of JAR files that are used indirectly by COBI.msv:

  • activation-1.1.jar
  • FastInfoset-1.2.16.jar
  • gmbal-4.0.0.jar
  • ha-api-3.1.12.jar
  • istack-commons-runtime-3.0.8.jar
  • jakarta.activation-api-1.2.1.jar
  • jakarta.annotation-api-1.3.4.jar
  • jakarta.jws-api-1.1.1.jar
  • jakarta.xml.bind-api-2.3.2.jar
  • jakarta.xml.soap-api-1.4.1.jar
  • jakarta.xml.ws-api-2.3.2.jar
  • javax.mail-1.6.2.jar
  • jaxb-runtime-2.3.2.jar
  • jaxws-rt-2.3.2-1.jar
  • management-api-3.2.1.jar
  • mimepull-1.9.11.jar
  • pfl-asm-4.0.1.jar
  • pfl-basic-4.0.1.jar
  • pfl-basic-tools-4.0.1.jar
  • pfl-dynamic-4.0.1.jar
  • pfl-tf-4.0.1.jar
  • pfl-tf-tools-4.0.1.jar
  • policy-2.7.6.jar
  • saaj-impl-1.5.1.jar
  • stax2-api-4.1.jar
  • stax-ex-1.8.1.jar
  • streambuffer-1.5.7.jar
  • txw2-2.3.2.jar
  • woodstox-core-5.1.0.jar

(The list was generated from a productive installation of COBI.msv 1.1.0.)

These JAR files were thoroughly searched, including the Java .class files they contain and any JAR files nested inside them. No trace of Log4J was found.
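The kind of search described above, as an added example that is not part of the original advisory or of COBISOFT's own tooling: a small Python scanner that opens a JAR (a zip archive), recurses into any JAR, WAR or EAR nested inside it, and reports class entries under the Log4j 2 package path. The `org/apache/logging/log4j/` prefix and the `JndiLookup` class name are assumed from the public Log4j 2 package layout; the sample JARs are constructed in memory.

```python
import io
import zipfile

# Assumed from the public Log4j 2 layout: all Log4j 2 classes live under
# this package prefix, and JndiLookup is the class behind JNDI lookups.
LOG4J_PREFIX = "org/apache/logging/log4j/"
JNDI_LOOKUP = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
NESTED_SUFFIXES = (".jar", ".war", ".ear", ".zip")


def scan_jar_bytes(data, name="<root>", depth=0, max_depth=5):
    """Return (location, entry) pairs for every Log4j class found.

    `data` holds the raw bytes of one archive. Nested archives (fat jars,
    WAR/EAR bundles) are opened recursively, at most `max_depth` levels deep,
    and reported with a `outer!inner` location so the finding can be traced.
    """
    findings = []
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return findings  # not a zip archive: nothing to inspect
    with zf:
        for entry in zf.namelist():
            if entry.startswith(LOG4J_PREFIX) and entry.endswith(".class"):
                findings.append((name, entry))
            elif entry.lower().endswith(NESTED_SUFFIXES) and depth < max_depth:
                nested = zf.read(entry)
                findings.extend(
                    scan_jar_bytes(nested, f"{name}!{entry}", depth + 1, max_depth))
    return findings


def scan_jar_file(path):
    """Scan a JAR on disk, e.g. one of the files listed above."""
    with open(path, "rb") as fh:
        return scan_jar_bytes(fh.read(), path)


def _build_jar(entries):
    """Build a constructed sample archive in memory from {entry: bytes}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for entry, content in entries.items():
            zf.writestr(entry, content)
    return buf.getvalue()


def demo():
    # Constructed samples: a clean library JAR, and an application JAR that
    # only contains Log4j indirectly, inside a nested JAR under lib/.
    clean = _build_jar({"com/google/gson/Gson.class": b"\xca\xfe\xba\xbe"})
    inner = _build_jar({JNDI_LOOKUP: b"\xca\xfe\xba\xbe"})
    fat = _build_jar({"META-INF/MANIFEST.MF": b"", "lib/logging.jar": inner})
    return scan_jar_bytes(clean, "gson.jar"), scan_jar_bytes(fat, "app.jar")
```

A clean JAR yields an empty list; the nested case reports the finding with its full `app.jar!lib/logging.jar` path, which is what distinguishes a direct dependency from one pulled in by a bundle such as jaxws-rt.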
