
CVE-2021-44228

maxodoble
Confirmed Champ

Hi,

Is anybody aware of the consequences of this nasty Log4j vulnerability for Alfresco Community versions?

A very quick look shows that Log4j v1.2.17 is used in Alfresco Community (repo and share), and is not directly hit by CVE-2021-44228 (seems to be versions >2 only), but then the question arises why such an old (and unsupported since 2015?) version of Log4j is being used happily here in late 2021.

Any thoughts?

Thanks,

Max

3 REPLIES

Renesto
Champ on-the-rise

Hi,

https://github.com/apache/logging-log4j2/pull/608#issuecomment-990494126

"applications using Log4j 1.x may be impacted if their configuration uses JNDI. However, the risk is much lower."

Does anybody know a quick fix to update Log4j?
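
The caveat quoted above can be checked against a deployment's Log4j 1.x configuration. The following is an added example, not part of the original post and not Alfresco or Log4j project code: it scans the text of a `log4j.properties` file for `org.apache.log4j.net.JMSAppender`, the Log4j 1.x appender that obtains its JMS objects through JNDI lookups. The function names and the sample configuration are constructed for illustration.

```python
import re

# Log4j 1.x appender that obtains its JMS objects through JNDI lookups.
JNDI_APPENDER = "org.apache.log4j.net.JMSAppender"
# JMSAppender options that feed the JNDI context or the names it looks up.
JNDI_OPTIONS = {"providerurl", "initialcontextfactoryname", "urlpkgprefixes",
                "topicbindingname", "topicconnectionfactorybindingname"}

def parse_properties(text):
    """Minimal .properties parser: skips comments, accepts '=' or ':' separators."""
    props = {}
    for line in map(str.strip, text.splitlines()):
        if line and line[0] not in "#!":
            m = re.match(r"([^=:\s]*)\s*[=:]?\s*(.*)", line)
            props[m.group(1)] = m.group(2)
    return props

def find_jndi_appenders(text):
    """Return one finding per JMSAppender definition in a log4j.properties text."""
    props = parse_properties(text)
    referenced = set()  # appender names listed on logger lines ("LEVEL, A1, A2")
    for key, value in props.items():
        if re.match(r"log4j\.(rootLogger|rootCategory|logger\.|category\.)", key):
            referenced.update(p.strip() for p in value.split(",")[1:])
    findings = []
    for key, value in props.items():
        m = re.fullmatch(r"log4j\.appender\.([^.]+)", key)
        if m and value.strip() == JNDI_APPENDER:
            prefix = key + "."
            options = {k[len(prefix):]: v for k, v in props.items()
                       if k.startswith(prefix) and k[len(prefix):].lower() in JNDI_OPTIONS}
            findings.append({"appender": m.group(1), "referenced": m.group(1) in referenced,
                             "jndi_options": options})
    return findings

# Constructed sample configuration (not an Alfresco file; host name is a placeholder).
SAMPLE = """\
log4j.rootLogger=error, Console
log4j.appender.Console=org.apache.log4j.ConsoleAppender
log4j.logger.org.example.audit=info, Jms
log4j.appender.Jms=org.apache.log4j.net.JMSAppender
log4j.appender.Jms.TopicBindingName=auditTopic
log4j.appender.Jms.ProviderURL=tcp://mq.example.internal:61616
log4j.appender.Unused=org.apache.log4j.net.JMSAppender
"""

if __name__ == "__main__":
    for finding in find_jndi_appenders(SAMPLE):
        print(finding)
```

An empty result means the properties file defines no JMSAppender; XML configurations (`log4j.xml`) are not covered by this check.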

angelborroy
Community Manager
No impact has been determined for latest @alfresco releases!
Hyland Developer Evangelist

amanda_roberts
Star Collaborator

Hi @maxodoble -

You can also find a post here on the Hub about it: https://hub.alfresco.com/t5/alfresco-content-services-blog/apache-log4j-vulnerability-cve-2021-44228...

We'll also be providing extra updates as we get them from Hyland's security teams. 

Thanks,

Amanda

Community Manager for Hyland and Alfresco