<p>Hi , we are using Pentaho 8.0 community version. we wanted to check the if "CVE-2021-45105" is impacting 8.0 version, we have followed below mitigation plan for other log4j vulnerabilities as pentaho support portal and removed JMSAppeneder file from the log4j jar file. <a href="https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Fsupport.pentaho.com%2Fhc%2Fen-us%2Farticles%2F4416229254541-log4j-2-zero-day-vulnerability-No-impact-to-supported-versions-of-Pentaho-&data=04%7C01%7C%7C6b951b561ec149ef7f0308d9cf9eb936%7C1e0c92b0f1bd441ebbe6c778f9ced553%7C0%7C0%7C637769102919616908%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=2nNnZXMpkvrYLfPVP8UlYkj2%2FB9n%2BZ9uv%2BAtoc7uW%2FQ%3D&reserved=0" target="_blank" rel="noopener">https://support.pentaho.com/hc/en-us/articles/4416229254541-log4j-2-zero-day-vulnerability-No-impact-to-supported-versions-of-Pentaho-</a> we wanted to know if there is impact on CVE-2021-45105 on pentaho , if so what will be the mitigation plan? Thanks, Divya.</p>

Pentaho

Divya Joseph posted 01-06-2022 05:29

Hi , we are using Pentaho 8.0 community version. we wanted to check the if "CVE-2021-45105" is impacting 8.0 version, we have followed below mitigation plan for other log4j vulnerabilities as pentaho support portal and removed JMSAppeneder file from the log4j jar file. https://support.pentaho.com/hc/en-us/articles/4416229254541-log4j-2-zero-day-vulnerability-No-impact-to-supported-versions-of-Pentaho- we wanted to know if there is impact on CVE-2021-45105 on pentaho , if so what will be the mitigation plan? Thanks, Divya.