Hyland Community
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

log4j vulnerability impact on Alfresco community edition

prabhav
Champ on-the-rise
Champ on-the-rise

‎12-24-2021 03:29 AM

Hi,

I would like to know whether any of the Alfresco Community edition components are affected by CVE-2021-44228

In alfresco-community-repo(8.423), I could see that Alfresco Core has log4j 1.2.17 in pom.xml. Also, Alfresco repository uses mybatis-3.3.0 which has dependency on log4j-core 2.14.1.

Please share some insights on this and also on other components like
- acs-community-packaging (7.0.0)
- Alfresco share (alfresco-share-parent-7.0.0)
- Alfresco Search Services (2.0.1)
- Alfresco Activemq
- Alfresco acs-community-ingress (alfresco-acs-nginx-3.1.1)

Labels:
0 Kudos
1 REPLY 1

abhinavmishra14
World-Class Innovator
World-Class Innovator

‎12-26-2021 10:54 AM

Duplicate post, check the response here: 

https://hub.alfresco.com/t5/alfresco-content-services-forum/log4j-vulnerability-impact-on-alfresco-c... 

~Abhinav
(ACSCE, AWS SAA, Azure Admin)
0 Kudos
Getting started

Explore our Alfresco products with the links below. Use labels to filter content by product module.

Copyright © 2025 Khoros, LLC