Is Appian affected by this log4j vulnerability CVE-2021-44228?https://community.appian.com/discussions/f/general/22810/is-appian-affected-by-this-log4j-vulnerability-cve-2021-44228https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228 Is Appian affected by the log4j vulnerability CVE-2021-44228?en-USTelligent Community 12RE: Is Appian affected by this log4j vulnerability CVE-2021-44228?https://community.appian.com/thread/90770?ContentTypeID=1Mon, 07 Feb 2022 16:17:00 GMTd3a83456-d57b-489c-a84c-4e8267bb592a:e70387d0-33b4-46d4-bbb8-d55ea54a4528Peter Lewis<p>Sorry, unfortunately I don&#39;t know much about using log4j in plugins. Hopefully some other posters in the Community will have more context.</p><div style="clear:both;"></div>RE: Is Appian affected by this log4j vulnerability CVE-2021-44228?https://community.appian.com/thread/90769?ContentTypeID=1Mon, 07 Feb 2022 16:04:50 GMTd3a83456-d57b-489c-a84c-4e8267bb592a:57044e97-1194-4ad3-b48e-073c5550d767Satyam Singh<p>Nope, actually i have added updated library of log4j 2.17 in my customer plugin package which has bit different implementation then log4j 1.17.</p> <p>example:&nbsp;<img src="/resized-image/__size/320x240/__key/communityserver-discussions-components-files/11/pastedimage1644249867916v1.png" alt=" " /></p> <p>it has LogManager while initializing class instead of Logger&nbsp;&nbsp;</p><div style="clear:both;"></div>RE: Is Appian affected by this log4j vulnerability CVE-2021-44228?https://community.appian.com/thread/90766?ContentTypeID=1Mon, 07 Feb 2022 15:37:01 GMTd3a83456-d57b-489c-a84c-4e8267bb592a:6168e021-678b-46e0-a843-74943708e8cePeter Lewis<p>What do you mean when you say &quot;changing my code as compatible to latest version&quot; - did you install the hotfix or make the changes in a different way?</p><div style="clear:both;"></div>RE: Is Appian affected by this log4j vulnerability CVE-2021-44228?https://community.appian.com/thread/90765?ContentTypeID=1Mon, 07 Feb 2022 15:31:38 GMTd3a83456-d57b-489c-a84c-4e8267bb592a:31563615-9ab7-4ac3-9953-ec8d8ac77ce1Satyam Singh<p>Hello <a href="/members/peter.lewis">Peter Lewis</a>,</p> <p></p> <p>after log4j upgrade,&nbsp;I am not able to see my logging coming through tomcat.log file.&nbsp;</p> <p>Even though after changing my code as compatible to latest version of log4j 2.17, not working. Any advice on that ?</p><div style="clear:both;"></div>RE: Is Appian affected by this log4j vulnerability CVE-2021-44228?https://community.appian.com/thread/89036?ContentTypeID=1Tue, 14 Dec 2021 06:54:52 GMTd3a83456-d57b-489c-a84c-4e8267bb592a:05a59b50-c228-433b-9ae8-587f0f215650Stefan Helzle<p>Peter, thanks a lot :-)</p><div style="clear:both;"></div>RE: Is Appian affected by this log4j vulnerability CVE-2021-44228?https://community.appian.com/thread/89031?ContentTypeID=1Mon, 13 Dec 2021 20:46:09 GMTd3a83456-d57b-489c-a84c-4e8267bb592a:8bc84783-98f3-4c81-8ae1-ac538d8b59a1Peter Lewis<p>Please find this knowledge base article with the latest information on this vulnerability:&nbsp;<a href="https://community.appian.com/support/w/kb/2511/kb-2204-information-about-the-log4j2-security-vulnerability-cve-2021-44228">community.appian.com/.../kb-2204-information-about-the-log4j2-security-vulnerability-cve-2021-44228</a></p> <p>Hotfixes are available for self-managed customers&nbsp;with the latest updates to address this vulnerability.</p><div style="clear:both;"></div>RE: Is Appian affected by this log4j vulnerability CVE-2021-44228?https://community.appian.com/thread/89022?ContentTypeID=1Mon, 13 Dec 2021 16:13:14 GMTd3a83456-d57b-489c-a84c-4e8267bb592a:a7ec7db6-87c8-4831-83bc-e24b2cea9adaStefan Helzle<p>I assume that the latest hotfixes include this patch. This is what they write in the email. In case you need details, contact Appian.</p><div style="clear:both;"></div>RE: Is Appian affected by this log4j vulnerability CVE-2021-44228?https://community.appian.com/thread/89021?ContentTypeID=1Mon, 13 Dec 2021 16:09:06 GMTd3a83456-d57b-489c-a84c-4e8267bb592a:97b01cd9-beb9-47a1-a40c-cffa7436c1b0keviny<p>We have this same question&nbsp;and did not receive communication on the fix. Is there documentation on how to fix this for an on-prem installation?</p><div style="clear:both;"></div>RE: Is Appian affected by this log4j vulnerability CVE-2021-44228?https://community.appian.com/thread/88992?ContentTypeID=1Mon, 13 Dec 2021 07:31:50 GMTd3a83456-d57b-489c-a84c-4e8267bb592a:073baa1f-8e6a-4798-9baf-cdd7e6896abaStefan Helzle<p>Just saw the mail sent on December 12th including the details about which parts of Appian may be affected, available updates and the procedure to update the Appian cloud environments.</p> <p>Well done :-)</p><div style="clear:both;"></div>RE: Is Appian affected by this log4j vulnerability CVE-2021-44228?https://community.appian.com/thread/88991?ContentTypeID=1Mon, 13 Dec 2021 07:25:10 GMTd3a83456-d57b-489c-a84c-4e8267bb592a:137c4e2b-e0e7-457e-9b60-8c33c58a50b0Stefan Helzle<p><a href="/members/peter.lewis">Peter Lewis</a>: We need official communication about this topic!</p><div style="clear:both;"></div>