12-24-2021 03:29 AM
Hi,
I would like to know whether any of the Alfresco Community edition components are affected by CVE-2021-44228
In alfresco-community-repo(8.423), I could see that Alfresco Core has log4j 1.2.17 in pom.xml. Also, Alfresco repository uses mybatis-3.3.0 which has dependency on log4j-core 2.14.1.
Please share some insights on this and also on other components like
- acs-community-packaging (7.0.0)
- Alfresco share (alfresco-share-parent-7.0.0)
- Alfresco Search Services (2.0.1)
- Alfresco Activemq
- Alfresco acs-community-ingress (alfresco-acs-nginx-3.1.1)
12-26-2021 10:54 AM
Duplicate post, check the response here:
Explore our Alfresco products with the links below. Use labels to filter content by product module.