We have identified 2 instances of log4j-core-2.1.jar in a cache folder and also in jboss/standalone/tmp/vfs/deployment/ folder.
Is there any advice on Aems 6.2/6.3 on how to either update the log4j version or even remove the instances. Will there be a patch or hot fix release or instructions on how to rectify?
Solved! Go to Solution.
Views
Replies
Total Likes
HI @Errol ,
All Log4j 1.x library are removed in the 6.5.14 release. You can try to install AEM 6.5.14.0 or a later release.
For details on it you can follow below KB where manual instruction is also listed:
https://helpx.adobe.com/experience-manager/kb/aem-forms-vulnerability-cve-2021-44228.html
Thanks
Tarun
HI @Errol ,
All Log4j 1.x library are removed in the 6.5.14 release. You can try to install AEM 6.5.14.0 or a later release.
For details on it you can follow below KB where manual instruction is also listed:
https://helpx.adobe.com/experience-manager/kb/aem-forms-vulnerability-cve-2021-44228.html
Thanks
Tarun
@Errol Did you find the suggestions from users helpful? Please let us know if more information is required. Otherwise, please mark the answer as correct for posterity. If you have found out solution yourself, please share it with the community.
Views
Replies
Total Likes
Views
Likes
Replies