Zero-day flaw log4j2 - needs patching
How do I find what version of Log4J2 we have installed and after that, how do we upgrade it?
There is a zero-day flaw that needs patching:
FYI: Zero day for log4j versions: 2.0 <= Apache log4j <= 2.14.1 https://www.lunasec.io/docs/blog/log4j-zero-day/ patch: https://github.com/apache/logging-log4j2/releases/tag/log4j-2.15.0-rc1
Accepted Solution
TSYS
US
The latest from PEGA is on how to delete jars from database and update Pega_Stream, and that a hotfix is TBD :-(
Their recommendations are here: https://docs-previous.pega.com/security-advisory/security-advisory-apache-log4j-zero-day-vulnerability
As of today, the new version of log4j is actually 2.17.x
DXC Technology Services LLC
IN
Hello,
Have we got any more info on this and the impacts?
Please share if you have got any info on how to upgrade it to 2.15.
Zurich Insurance Company Ltd
IN
This is the latest update from Pega.
Accepted Solution
TSYS
US
The latest from PEGA is on how to delete jars from database and update Pega_Stream, and that a hotfix is TBD :-(
Their recommendations are here: https://docs-previous.pega.com/security-advisory/security-advisory-apache-log4j-zero-day-vulnerability
As of today, the new version of log4j is actually 2.17.x