webMethods IS used 10.1 level: We are getting lot of vulnerabilities during scans because of log4j and planning to upgrade to log4j2 latest version, can someone suggest how can plan our upgrade activity. If possible please confirm what all fi

The exact(!) same question was asked by @Rohit_Dabas eralier today. Please look here: Log4J Vulnerabilities

2 posts were merged into an existing topic: Log4J Vulnerabilities

Hi Jahn,

Sure. I will go through the forum.

Thanks for the information.

Regards,
Sravya.

Hi Sravya,

We don’t have to manually update any new jar files or configs for log4j vulnerabilities.
Please install latest fixes and shared bundles which comes with those fixes, the log4j version will be update with that.

You can use unzip -q -c log4j-core.jar META-INF/MANIFEST.MF to check your current version. If you are at version 2.17 or later all these vulnerabilities shouldn’t come.

1 Like