Skip to main content

This content is closed to future replies and is no longer being maintained or updated.
Links may no longer function. If you have a similar request, please write a new post.

Question

 Sreekanth Parameswaran Nair (SreekanthP) TCS Technical Architect
TCS
US
SreekanthP Member since 2017 2 posts
TCS
Posted: Dec 23, 2021
Last activity: Dec 23, 2021
Posted: 23 Dec 2021 13:34 EST
Last activity: 23 Dec 2021 13:58 EST
Closed

Log4j day zero vulnerability hotfix after manual workaround

Report

Hi Team, we have applied the manual changes mentioned (deleting the record from pr_engineclasses and updating the kafka lib with 2.16 jar)

Do we still need to apply these hotfixes released.?

Pega Platform 8.4.4 User Experience Healthcare and Life Sciences System/Cloud Ops Administrator
Posted: 1 year ago
Posted: 23 Dec 2021 13:58 EST
Suman Gumudavelly (SUMAN_GUMUDAVELLY) Ford Motor Company Pega Operations, CoE and Administration
Ford Motor Company
US
Report

@SreekanthP   Yes.

 

Deleting the record from pr_engineclasses is a prevention to the jndi lookup classes. 

Installing the HFIX need to perform in 2 places [Since you mentioned it's Pega 8.4]

Pre-Req: All Critical HFIXs from Latest Catalog

#1. Kafka 

#2. Pega Platform 

 

Just follow the instructions posted at Security Advisory: [This is keep changing as the new HFIXs are being developed] 

https://docs.pega.com/security-advisory/security-advisory-apache-log4j-zero-day-vulnerability 

 

We'd prefer it if you saw us at our best.

Pega Collaboration Center has detected you are using a browser which may prevent you from experiencing the site as intended. To improve your experience, please update your browser.

Close Deprecation Notice