Skip to main content

This content is closed to future replies and is no longer being maintained or updated.
Links may no longer function. If you have a similar request, please write a new post.

Question

 Sreekanth Parameswaran Nair (SreekanthP)
TCS
Technical Architect
TCS
US
SreekanthP Member since 2017 2 posts
TCS
Posted: Dec 23, 2021
Last activity: Dec 23, 2021
Posted: 23 Dec 2021 13:34 EST
Last activity: 23 Dec 2021 13:58 EST
Closed

Log4j day zero vulnerability hotfix after manual workaround

Hi Team, we have applied the manual changes mentioned (deleting the record from pr_engineclasses and updating the kafka lib with 2.16 jar)

Do we still need to apply these hotfixes released.?

To see attachments, please log in.
Pega Platform 8.4.4
User Experience
Healthcare and Life Sciences
System/Cloud Ops Administrator

Posted: 3 years ago
Posted: 23 Dec 2021 13:58 EST
Suman Gumudavelly (SUMAN_GUMUDAVELLY)
Ford Motor Company
Pega Operations, CoE and Administration
Ford Motor Company
US

@SreekanthP  Yes.

 

Deleting the record from pr_engineclasses is a prevention to the jndi lookup classes. 

Installing the HFIX need to perform in 2 places [Since you mentioned it's Pega 8.4]

Pre-Req: All Critical HFIXs from Latest Catalog

#1. Kafka 

#2. Pega Platform 

 

Just follow the instructions posted at Security Advisory: [This is keep changing as the new HFIXs are being developed] 

https://docs.pega.com/security-advisory/security-advisory-apache-log4j-zero-day-vulnerability 

 

To see attachments, please log in.

We'd prefer it if you saw us at our best.

Pega Collaboration Center has detected you are using a browser which may prevent you from experiencing the site as intended. To improve your experience, please update your browser.

Close Deprecation Notice