Adobe Experience Manager Sites & More

GPhillips58 · 2/3/25

We are running jboss-eap-7.4.10 which has a log4j vulnerability. Does Adobe provide JBoss patches with the JEE installers? JBoss from Adobe is not covered under our Red Hat Enterprise Linux license so we cannot get the patch from Red Hat.

Shiv_Prakash_Patel · 2/3/25

HI @GPhillips58 ,

Boss EAP 7.4.10 primarily utilizes the JBoss Logging framework, which does not inherently include the vulnerable components of Log4j. Therefore, the core JBoss EAP is not directly affected by the Log4j vulnerabilities.

However, if your applications deployed on JBoss EAP incorporate Log4j, especially versions prior to 2.17.1, they may be susceptible to known vulnerabilities. In such cases, it's crucial to update Log4j to the latest secure version within your applications.

Regards,

Shiv Prakash

GPhillips58 · 2/21/25

We are running AEM Forms 6.5.21 on JBoss. Are you saying that AEM does not use log4j?

kautuk_sahni · 2/18/25

@GPhillips58 Did you find the suggestion helpful? Please let us know if you need more information. If a response worked, kindly mark it as correct for posterity; alternatively, if you found a solution yourself, we’d appreciate it if you could share it with the community. Thank you!

Adobe Experience Manager Sites & More

Is JBoss patch 7.4.20 available with any of the AEM Forms JEE sp installers?

Kautuk Sahni

Learn

Documentation

Events

Community

Support

Resources

Adobe account

Adobe