We apologize for the delay and outdated advisory information.
The mentioned hotfix in the end did actually get released on the 17th, however there was no advisory update. I see that you have received the files in the meantime through support. I've submitted a request to update the advisory. Please feel free to directly provide us feedback on a specific doc or community article through the yellow 'contact us' option on the right hand side at any time, to further allow us to improve.
Please note that the criticality of this hotfix is debatably. If you've already applied the earlier hotfixes, there's most likely no risk left which requires this 2.17.1 log4j based hotfix. There's a high chance there's more direct security benefits by focusing on other aspects of your Pega security.
I hope this answers your questions and you can mark this question as addressed. Please reach out to me directly in case you'd like assistance in identifying other opportunities to improve security of your Pega applications.
Besides of this question I also raised an SR which was also not answered. I am not willing to accept that it takes a week to answer a simple question. Especially if I understand from other questions that Pega did not inform anybody that the hotfix was released. And this morning I was running the hotfix manager and this hotfix was still not in the catalogue. But now Pega cloud team started to install the hotfix on my environments.
You may debate if this hotfix is needed or not. But it is a mandatory requirement of IT-Security in our company. They don't do any compromises on security.
Posted: 8 months ago
Posted: 24 Jan 2022 21:03 EST
Nandhini Venkatesh (NandhiniVenkat)