Home > Forum > General > Log4j 2.21.1 for WebCon BPS 2023 R2

Log4j 2.21.1 for WebCon BPS 2023 R2
0

17.11.2023
14:57
Dariusz Tułacz

Hello,

our information security office has detected a log4j vulnerability. We currently have the log4j-1.2.17.jar version for WebCon BPS 2023 R2

Is it possible to upload version 2.21.1 according to the article https://kb.webcon.pl/security-podatnosc-cve-2021-44228-w-apache-log4j2/?

https://logging.apache.org/log4j/2.x/download.html

Will the new version of BPS include this type of fix?

Reply  
19.11.2023
18:22
Adam Hatak

Darek,
have you tried manually replace log4j files in dev / test environment first?
I did it on my dev/test environment running version 2023.1.2.68. After replacing appropriate .jar files (3 files) both WEBCON services are working.
I didn't notice errors after the change.

I used the same method as it was described in mentioned article.

Best.

Reply  
Solution (0) Helpful (1) Wrong answer (0)
23.11.2023
11:07
Dariusz Tułacz
In reply to: Adam Hatak

Darek,
have you tried manually replace log4j files in dev / test environment first?
I did it on my dev/test environment running version 2023.1.2.68. After replacing appropriate .jar files (3 files) both WEBCON services are working.
I didn't notice errors after the change.

I used the same method as it was described in mentioned article.

Best.

Hi Adam, actually replacing the files did not cause any problems with the operation of the system. Thanks!

Reply  
Solution (0) Helpful (0) Wrong answer (0)
Menu
Babinskiego 69
30-393 Krakow, Poland
office@webcon.com
+48 12 443 13 90