Ref: KB-2204 Information about the Log4j2 security vulnerability https://community.appian.com/support/w/kb/2511/kb-2204-information-about-the-log4j2-security-vulnerability-cve-2021-44228 As all AppMarket plugins are open-source, customers also have the ability to inspect and update independently (and can publish their updates
We may use 1000s of plugins for our app, what would be the best approach to inspect to identify whether the specific plugin file uses Log4J and what version of it to confirm its affected by CVE-2021-44228 vulnerability? Is there any recommended tools / steps available please? Thanks
Discussion posts and replies are publicly visible
If it's 1000's, point your infrastructure security scanner at the Appian machine and fire away. (Edit: This is if you're on on-premise infrastructure)