https://connect.hyland.com/t5/alfresco-forum/cve-2021-44228/m-p/144256#M38282 <P>Hi&nbsp;<A href="https://migration33.stage.lithium.com/t5/user/viewprofilepage/user-id/52373">@maxodoble</A>&nbsp;-</P> <P>You can also find a post here on the Hub about it:&nbsp;<A href="https://hub.alfresco.com/t5/alfresco-content-services-blog/apache-log4j-vulnerability-cve-2021-44228/ba-p/310661" target="_blank" rel="noopener nofollow noreferrer">https://hub.alfresco.com/t5/alfresco-content-services-blog/apache-log4j-vulnerability-cve-2021-44228/ba-p/310661</A></P> <P>We'll also be providing extra updates as we get them from Hyland's security teams.&nbsp;</P> <P>Thanks,</P> <P>Amanda</P> Tue, 14 Dec 2021 20:24:49 GMT amanda_roberts 2021-12-14T20:24:49Z https://connect.hyland.com/t5/alfresco-forum/cve-2021-44228/m-p/144253#M38279 <P>Hi,</P><P>is anybody aware of the consequences of this nasty log4j vulnerability for alfresco community versions?</P><P>a very quick look shows that log4j v 1.2.17 is used in alfresco community (repo and share), and not directly hit by CVE-2021-44228 (seems to be versions &gt;2 only), but then the question arises why such an old (and&nbsp; unsupported since 2015?) version of log4j is being used happily here in late 2021.</P><P>Any thoughts?</P><P>Thanks,</P><P>Max</P> Sun, 12 Dec 2021 13:42:36 GMT https://connect.hyland.com/t5/alfresco-forum/cve-2021-44228/m-p/144253#M38279 maxodoble 2021-12-12T13:42:36Z https://connect.hyland.com/t5/alfresco-forum/cve-2021-44228/m-p/144254#M38280 <P>Hi,</P><P><A href="https://github.com/apache/logging-log4j2/pull/608#issuecomment-990494126" target="_blank" rel="nofollow noopener noreferrer">https://github.com/apache/logging-log4j2/pull/608#issuecomment-990494126</A></P><P>"<STRONG>applications using Log4j 1.x may be impacted if their configuration uses JNDI. However, the risk is much lower.</STRONG>"</P><P>Does anybody now a quick fix to update Log4j ?</P> Mon, 13 Dec 2021 08:19:33 GMT https://connect.hyland.com/t5/alfresco-forum/cve-2021-44228/m-p/144254#M38280 Renesto 2021-12-13T08:19:33Z https://connect.hyland.com/t5/alfresco-forum/cve-2021-44228/m-p/144255#M38281 <DIV data-contents="true"> <DIV class="" data-block="true" data-editor="3mcf7" data-offset-key="fpe3l-0-0"> <DIV class="public-DraftStyleDefault-block public-DraftStyleDefault-ltr" data-offset-key="d02bo-0-0"><SPAN data-offset-key="fpe3l-2-0">Take a look at </SPAN><SPAN style="color: #1d9bf0;"><SPAN data-offset-key="cha9f-0-0"><A href="https://community.hyland.com/en/blog/posts/82098-apache-log4j-security-advisory" target="_blank" rel="nofollow noopener noreferrer">https://community.hyland.com/en/blog/posts/82098-apache-log4j-security-advisory</A> </SPAN></SPAN><SPAN data-offset-key="d02bo-0-0">(login required).</SPAN></DIV> </DIV> <DIV class="" data-block="true" data-editor="3mcf7" data-offset-key="d02bo-0-0"> <DIV class="public-DraftStyleDefault-block public-DraftStyleDefault-ltr" data-offset-key="d02bo-0-0"><SPAN data-offset-key="d02bo-0-0">No impact has been determined for latest </SPAN><SPAN style="color: #1d9bf0;"><SPAN data-offset-key="d02bo-1-0"><A href="https://migration33.stage.lithium.com/t5/user/viewprofilepage/user-id/67382">@alfresco</A></SPAN></SPAN><SPAN data-offset-key="d02bo-2-0"> releases!</SPAN></DIV> </DIV> </DIV> Mon, 13 Dec 2021 09:18:32 GMT https://connect.hyland.com/t5/alfresco-forum/cve-2021-44228/m-p/144255#M38281 angelborroy 2021-12-13T09:18:32Z https://connect.hyland.com/t5/alfresco-forum/cve-2021-44228/m-p/144256#M38282 <P>Hi&nbsp;<A href="https://migration33.stage.lithium.com/t5/user/viewprofilepage/user-id/52373">@maxodoble</A>&nbsp;-</P> <P>You can also find a post here on the Hub about it:&nbsp;<A href="https://hub.alfresco.com/t5/alfresco-content-services-blog/apache-log4j-vulnerability-cve-2021-44228/ba-p/310661" target="_blank" rel="noopener nofollow noreferrer">https://hub.alfresco.com/t5/alfresco-content-services-blog/apache-log4j-vulnerability-cve-2021-44228/ba-p/310661</A></P> <P>We'll also be providing extra updates as we get them from Hyland's security teams.&nbsp;</P> <P>Thanks,</P> <P>Amanda</P> Tue, 14 Dec 2021 20:24:49 GMT https://connect.hyland.com/t5/alfresco-forum/cve-2021-44228/m-p/144256#M38282 amanda_roberts 2021-12-14T20:24:49Z