Regarding the new Apache Log4j vulnerability as per (CVE-2021-44228)
The AEM Forms on JEE 6.5.8 uses the log4j 2.10, 2.11.1 versions. These versions are affected by this vulnerability. Could anyone else using it please confirm the same.
There may be a temporary workaround to add "‐Dlog4j2.formatMsgNoLookups=true" but not a complete fix.
I have already opened a ticket on the Daycare site but haven't had any response yet.
Solved! Go to Solution.