Home > Forum > General > Log4j 2.21.1 for WebCon BPS 2023 R2

Log4j 2.21.1 for WebCon BPS 2023 R2
0

Hello,

our information security office has detected a log4j vulnerability. We currently have the log4j-1.2.17.jar version for WebCon BPS 2023 R2

Is it possible to upload version 2.21.1 according to the article https://kb.webcon.pl/security-podatnosc-cve-2021-44228-w-apache-log4j2/?

https://logging.apache.org/log4j/2.x/download.html

Will the new version of BPS include this type of fix?

Darek,
have you tried manually replace log4j files in dev / test environment first?
I did it on my dev/test environment running version 2023.1.2.68. After replacing appropriate .jar files (3 files) both WEBCON services are working.
I didn't notice errors after the change.

I used the same method as it was described in mentioned article.

Best.