a) Does not use it on AC at all
b) IDP/AG does not use it to parse network streams â only uses it to read the nidpconfig.properties file (if it exists). If the attacker has local access, they could theoretically take advantage of the vulnerability but a bigger issue exists if they have local access and want to attack the system. You could remove the nidpconfig.properties file completely (or move all attributes from here into the UI) to avoid this. 4.1 has 85% of all attributes available as UI options (outside nidpconfig.properties) and 4.2 has everything, so the file is not needed.
plan is to upgrade the libraries in a future build.