Skip to main content

Question

2
Replies
244
Views
 srinivasu raju (srinivasur6711) Prime Therapeutics Systems Developer Lead IT
Prime Therapeutics
US
srinivasur6711 Member since 2018 7 posts
Prime Therapeutics
Posted: January 31, 2022
Last activity: April 8, 2022
Posted: 31 Jan 2022 10:13 EST
Last activity: 8 Apr 2022 16:16 EDT
Solved

Apache Log4j 2.17.1 Vulnerability Hotfixes

Report

As per the pega documentation to receive Apache Log4j 2.17.1 Vulnerability Hotfix we need to be on 8.4.6 version.

Currently we are on 8.4.0 and already applied Log4j 2.17 hotfix. Can we get hotfix for Log4j 2.17.1 without upgrading to 8.4.6 version ?

Pega Platform 8.4 Security
Reply
Cloe Walker

Accepted Solution

Posted: 1 year ago
Updated: 11 months ago
Posted: 31 Jan 2022 11:17 EST
Updated: 8 Apr 2022 16:16 EDT
Marije Schillern (MarijeSchillern) MOD Senior Knowledge Management Specialist
Pegasystems Inc.
GB
Report

@srinivasur6711  yes you need to be on the latest version,

"... Pega’s Log4j 2.17.1 hotfixes will only be available for the latest patch release of each Pega Platform version, and clients must evaluate whether they require this fix.  Clients who are on prior patch versions must upgrade to the latest patch version in order to receive and apply this hotfix, or they must apply a 2.17 hotfix from the Apache Log4j 2.17 Vulnerability Hotfixes Advisory. "

This is as per the article:

https://collaborate.pega.com/discussion/pega-security-advisory-%E2%80%93-pega-platform-apache-log4j-2171-vulnerability-hotfixes

 

Reply

We'd prefer it if you saw us at our best.

Pega Collaboration Center has detected you are using a browser which may prevent you from experiencing the site as intended. To improve your experience, please update your browser.

Close Deprecation Notice