Expand my Community achievements bar.

SOLVED

AEM Forms J2EE Log4J security buelletin

Avatar

Level 1

Hallo,

 

last year there was the big security bulletin with Log4J. Because of that there was a Fix for AEM Forms J2EE: AEMForms-6.5.0-0038 which updated the Log4J Version to 2.16 in AEM Forms J2EE and we deployed that. After that Log4J Update (V2.16) there were 2 other security buelletins:

CVE-2021-45105

CVE-2021-44832

I am aware that on this page it is described that Adobe Forms J2EE is not affected by these 2 new issuses. But because of the big news regarding to Log4J we have to ask from our security department if it is planned to upgrade to 2.17.1 and if the latest version will be included in a future fix? If so, when will the fix be released?

 

Best regards,

1 Accepted Solution

Avatar

Correct answer by
Employee Advisor

@Ben97 

Log4j 2.17.1 is tentatively going to be part of the upcoming release i.e AEM Forms JEE SP12 (GA March first week). 

 

Hope this helps!

View solution in original post

3 Replies

Avatar

Correct answer by
Employee Advisor

@Ben97 

Log4j 2.17.1 is tentatively going to be part of the upcoming release i.e AEM Forms JEE SP12 (GA March first week). 

 

Hope this helps!

Avatar

Employee

Log4j version 2.17.1 will be avaialble in 6.5.12 JEE Service Pack.

 

As per the following link, AEM Forms releases the add-on packages and JEE patch one week after the scheduled AEM Service Pack and Cumulative Fix Pack release date(Feb 24). So, JEE 6.5.12 will be available by March 3.

https://experienceleague.adobe.com/docs/experience-manager-release-information/aem-release-updates/f...

Avatar

Level 1

@Pulkit_Jain_ @Mayank_Tiwari Thank you very much for your very fast replies! That is perfekt!