Following the December 10, 2021 announcement of the critical Log4j2 security vulnerability (CVE-2021-44228), Appian determined that impacted versions of Log4j2 were being used in the Appian platform. Appian has taken the following actions in response:
com.sun.jndi.ldap.object.trustURLCodebase: false
Appian Selenium API (Application Programming Interface)
Cucumber for Appian
FitNesse for Appian
Appian contacted the authors of Appian Community supported plugins, encouraging them to review their plugins for this vulnerability and publish updates if they are affected. As all AppMarket plugins are open-source, Appian customers can also inspect and update them independently (and can publish their updates back to the AppMarket).
log4j2.formatMsgNoLookups: true
Appian customers’ support contacts have been notified of the availability of this hotfix.
Additional Notes:
Timeline:
Appian's response to the FedRAMP Log4j2 questionnaire is in progress and will be available on OMB Max.
This article applies to all versions of Appian.
Last Reviewed: January 31 2022