Home > Forum > General > Log4j 2.21.1 for WebCon BPS 2023 R2

Log4j 2.21.1 for WebCon BPS 2023 R2

0

17.11.2023

14:57

Hello,

our information security office has detected a log4j vulnerability. We currently have the log4j-1.2.17.jar version for WebCon BPS 2023 R2

Is it possible to upload version 2.21.1 according to the article https://kb.webcon.pl/security-podatnosc-cve-2021-44228-w-apache-log4j2/?

https://logging.apache.org/log4j/2.x/download.html

Will the new version of BPS include this type of fix?

19.11.2023

18:22

Darek,
have you tried manually replace log4j files in dev / test environment first?
I did it on my dev/test environment running version 2023.1.2.68. After replacing appropriate .jar files (3 files) both WEBCON services are working.
I didn't notice errors after the change.

I used the same method as it was described in mentioned article.

Best.

Solution (0)

Helpful (1)

Wrong answer (0)

23.11.2023

11:07

In reply to: Adam Hatak

Hi Adam, actually replacing the files did not cause any problems with the operation of the system. Thanks!

Solution (0)

Helpful (0)

Wrong answer (0)