webMethods IS used 10.1 level: We are getting lot of vulnerabilities during scans because of log4j and planning to upgrade to log4j2 latest version, can someone suggest how can plan our upgrade activity. If possible please confirm what all fi

jahntech.cj · April 29, 2024, 3:00pm

The exact(!) same question was asked by @Rohit_Dabas eralier today. Please look here: Log4J Vulnerabilities

toni.petrov · April 30, 2024, 12:47pm

2 posts were merged into an existing topic: Log4J Vulnerabilities

Sravya.V · April 30, 2024, 9:12am

Hi Jahn,

Sure. I will go through the forum.

Thanks for the information.

Regards,
Sravya.

Rohit_Dabas · April 30, 2024, 1:32pm

Hi Sravya,

We don’t have to manually update any new jar files or configs for log4j vulnerabilities.
Please install latest fixes and shared bundles which comes with those fixes, the log4j version will be update with that.

You can use unzip -q -c log4j-core.jar META-INF/MANIFEST.MF to check your current version. If you are at version 2.17 or later all these vulnerabilities shouldn’t come.