micro-integrator icon indicating copy to clipboard operation
micro-integrator copied to clipboard
verified publisher icon wso2

is it affect WSO2 EI6.6.0 and WSO2 micro-integrator 4.0.0, vulnerable to CVE-2021-44228

Open uarulraj486 opened this issue 4 years ago • 2 comments

Description:

The Enterprise integrator6.6.0 and micro integrator 4.0.0 uses log4j-api-2.12.0.jar, log4j-core-2.12.0.jar and log4j-jcl-2.12.0.jar. The vulnerable to CVE-2021-44228 affect the product usage

What is the best resolution for the above issue in community edition? Please share your thoughts

Suggested Labels:

Suggested Assignees:

Affected Product Version: Log4j version – all 2.x versions before 2.15.0 (released today, Friday, December 10, 2021) are affected JVM version - if lower than: Java 6 – 6u212 Java 7 – 7u202 Java 8 – 8u192 Java 11 - 11.0.2

OS, DB, other environment details and versions:

Steps to reproduce:

Related Issues:

uarulraj486 avatar Dec 13 '21 10:12 uarulraj486

Hi @uarulraj486, our team is currently evaluating the options to make the security fixes available for the public. Will keep you posted.

Vathsan avatar Jan 20 '22 04:01 Vathsan

@Vathsan has it been updated for the latest wso2 docker community versions?

yasirjanjua avatar Apr 07 '22 17:04 yasirjanjua