log4j vulnerability impact on Alfresco community edition

cancel
Showing results for 
Search instead for 
Did you mean: 
prabhav
Active Member

log4j vulnerability impact on Alfresco community edition

Hi,

I would like to know whether any of the Alfresco Community edition components are affected by CVE-2021-44228

In alfresco-community-repo(8.423), I could see that Alfresco Core has log4j 1.2.17 in pom.xml. Also, Alfresco repository uses mybatis-3.3.0 which has dependency on log4j-core 2.14.1.

Please share some insights on this and also on other components like
- acs-community-packaging (7.0.0)
- Alfresco share (alfresco-share-parent-7.0.0)
- Alfresco Search Services (2.0.1)
- Alfresco Activemq
- Alfresco acs-community-ingress (alfresco-acs-nginx-3.1.1)

1 Reply
abhinavmishra14
Advanced

Re: log4j vulnerability impact on Alfresco community edition

Duplicate post, check the response here: 

 

https://hub.alfresco.com/t5/alfresco-content-services-forum/log4j-vulnerability-impact-on-alfresco-c... 

~Abhinav
(ACSCE, AWS SAA, Azure Admin)