Skip to main content

This content is closed to future replies and is no longer being maintained or updated.
Links may no longer function. If you have a similar request, please write a new post.

Question

 srinivasu raju (srinivasur6711)
Prime Therapeutics
Systems Developer Lead IT
Prime Therapeutics
US
srinivasur6711 Member since 2018 7 posts
Prime Therapeutics
Posted: Jan 31, 2022
Last activity: Apr 8, 2022
Posted: 31 Jan 2022 10:13 EST
Last activity: 8 Apr 2022 16:16 EDT
Closed
Solved

Apache Log4j 2.17.1 Vulnerability Hotfixes

As per the pega documentation to receive Apache Log4j 2.17.1 Vulnerability Hotfix we need to be on 8.4.6 version.

Currently we are on 8.4.0 and already applied Log4j 2.17 hotfix. Can we get hotfix for Log4j 2.17.1 without upgrading to 8.4.6 version ?

To see attachments, please log in.
Pega Platform 8.4
Security

  • Cloe Walker

Accepted Solution

Posted: 2 years ago
Updated: 2 years ago
Posted: 31 Jan 2022 11:17 EST
Updated: 8 Apr 2022 16:16 EDT
Marije Schillern (MarijeSchillern)
MOD
Senior Knowledge Management Specialist
Pegasystems Inc.
GB

@srinivasur6711 yes you need to be on the latest version,

"... Pega’s Log4j 2.17.1 hotfixes will only be available for the latest patch release of each Pega Platform version, and clients must evaluate whether they require this fix.  Clients who are on prior patch versions must upgrade to the latest patch version in order to receive and apply this hotfix, or they must apply a 2.17 hotfix from the Apache Log4j 2.17 Vulnerability Hotfixes Advisory. "

This is as per the article:

https://collaborate.pega.com/discussion/pega-security-advisory-%E2%80%93-pega-platform-apache-log4j-2171-vulnerability-hotfixes

 

To see attachments, please log in.

We'd prefer it if you saw us at our best.

Pega Collaboration Center has detected you are using a browser which may prevent you from experiencing the site as intended. To improve your experience, please update your browser.

Close Deprecation Notice