https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228
Is Appian affected by the log4j vulnerability CVE-2021-44228?
Peter Lewis: We need official communication about this topic!
Just saw the mail sent on December 12th including the details about which parts of Appian may be affected, available updates and the procedure to update the Appian cloud environments.
Well done :-)
We have this same question and did not receive communication on the fix. Is there documentation on how to fix this for an on-prem installation?
I assume that the latest hotfixes include this patch. This is what they write in the email. In case you need details, contact Appian.
Please find this knowledge base article with the latest information on this vulnerability: community.appian.com/.../kb-2204-information-about-the-log4j2-security-vulnerability-cve-2021-44228
Hotfixes are available for self-managed customers with the latest updates to address this vulnerability.
Peter, thanks a lot :-)
Hello Peter Lewis,
After the log4j upgrade, I am not able to see my logging coming through the tomcat.log file.
Even though after changing my code as compatible to latest version of log4j 2.17, it is not working. Any advice on that?
What do you mean when you say "changing my code as compatible to latest version" - did you install the hotfix or make the changes in a different way?
Nope, actually I have added the updated library of log4j 2.17 in my customer plugin package, which has a bit different implementation than log4j 1.17.
example:
it has LogManager while initializing class instead of Logger
Sorry, unfortunately I don't know much about using log4j in plugins. Hopefully some other posters in the Community will have more context.