Below query still returns results after Apache Log4j Vulnerability hotfix installation. In fact, it returns one additional row(for v 8.1.1. and 2 new rows for v 8.5.2) which got inserted with hotfix installation. Please advise if that is expected.
select pzjar,pzpackage,pzclass,pzlastmodified,pzmoduleversion,pzcodesetversion,pzpatchdate from <Rules Schema Name>.pr_engineclasses where pzclass = 'JndiLookup.class' and pzpackage = 'org/apache/logging/log4j/core/lookup';
***Edited by Moderator Marissa to update Capability tags; updated Support Case details****
@HARIL043 I assume JARs needs to removed manually. There is not alternative. I have tried out the same on a Pega PE edition for triaging purpose doing the same. Its better to reach out to Pega GCS by raising a support ticket for confirmation.
Posted: 11 months ago
Posted: 21 Dec 2021 8:02 EST
HARI LOSARI (HARIL043)