AEM Forms J2EE Log4J security buelletin

Question

Hallo,

last year there was the big security bulletin with Log4J. Because of that there was a Fix for AEM Forms J2EE: AEMForms-6.5.0-0038 which updated the Log4J Version to 2.16 in AEM Forms J2EE and we deployed that. After that Log4J Update (V2.16) there were 2 other security buelletins:

CVE-2021-45105

CVE-2021-44832

I am aware that on this page it is described that Adobe Forms J2EE is not affected by these 2 new issuses. But because of the big news regarding to Log4J we have to ask from our security department if it is planned to upgrade to 2.17.1 and if the latest version will be included in a future fix? If so, when will the fix be released?

Best regards,

Pulkit_Jain_ · Accepted Answer

@ben97 Log4j 2.17.1 is tentatively going to be part of the upcoming release i.e AEM Forms JEE SP12 (GA March first week).  Hope this helps!

Mayank_Tiwari · Answer

Log4j version 2.17.1 will be avaialble in 6.5.12 JEE Service Pack.

As per the following link, AEM Forms releases the add-on packages and JEE patch one week after the scheduled AEM Service Pack and Cumulative Fix Pack release date(Feb 24). So, JEE 6.5.12 will be available by March 3.

https://experienceleague.adobe.com/docs/experience-manager-release-information/aem-release-updates/forms-updates/aem-forms-releases.html?lang=en

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded