Pentaho

 View Only
  • 1.  Log4j vulnerability fix for PDI Community Edition

    Posted 05-04-2022 05:05
    Good day,

    We are currently using the last provided Pentaho Community Edition version (9.2.0.0-290), available on Pentaho from Hitachi Vantara - Browse /Pentaho-9.2 at SourceForge.net and would like to understand if there is a timeline for when a new version will be provided that fixes the log4j vulnerability. When is it planned for a new version to be available?

    Furthermore, we have already done the remediation actions and would like to understand if it is possible to manually update the affected files so that the java and log4j affected versions are no longer detected in our installation.

    Any help on this matter is appreciated.
    Thank you.

    ------------------------------
    Andre Rosa
    ------------------------------


  • 2.  RE: Log4j vulnerability fix for PDI Community Edition

    Posted 05-05-2022 15:06
    Pentaho EE releases were patched in the February Service Packs (March 01, 2022 releases 8.3.0.26 and 9.2.0.3).  9.3 is planned to be released this week for EE and CE and will also include those patches.

    ------------------------------
    Stephen Donovan
    Digital Solutions Architect
    Hitachi Vantara
    ------------------------------



  • 3.  RE: Log4j vulnerability fix for PDI Community Edition

    Posted 05-06-2022 04:28
    Good morning Stephen,

    Thank you very much for the patching release schedule information.
    Have a great weekend!

    Best Regards,
    André Rosa

    ------------------------------
    Andre Rosa
    ------------------------------