Expand my Community achievements bar.

SOLVED

Steps to mitigate log4j in windows Adobe Experience Manager -Forms V 6.2 and 6.3

Avatar

Level 1

We have identified 2 instances of log4j-core-2.1.jar in a cache folder and also in jboss/standalone/tmp/vfs/deployment/ folder.

 

Is there any advice on Aems 6.2/6.3 on how to either update the log4j version or even remove the instances. Will there be a patch or hot fix release or instructions on how to rectify?

1 Accepted Solution

Avatar

Correct answer by
Community Advisor

HI @Errol ,

All Log4j 1.x library are removed in the 6.5.14 release. You can try to install AEM 6.5.14.0 or a later release.
For details on it you can follow below KB where manual instruction is also listed:

https://helpx.adobe.com/experience-manager/kb/aem-forms-vulnerability-cve-2021-44228.html


Thanks
Tarun

View solution in original post

2 Replies

Avatar

Correct answer by
Community Advisor

HI @Errol ,

All Log4j 1.x library are removed in the 6.5.14 release. You can try to install AEM 6.5.14.0 or a later release.
For details on it you can follow below KB where manual instruction is also listed:

https://helpx.adobe.com/experience-manager/kb/aem-forms-vulnerability-cve-2021-44228.html


Thanks
Tarun

Avatar

Administrator

@Errol Did you find the suggestions from users helpful? Please let us know if more information is required. Otherwise, please mark the answer as correct for posterity. If you have found out solution yourself, please share it with the community.



Kautuk Sahni