General Discussion

 View Only
  • 1.  Log4j vulenrability in pentaho

    Posted 01-05-2022 05:49

    Hi , we are using Pentaho 8.0 community version. we wanted to check the if "CVE-2021-45105" is impacting 8.0 version, we have followed below mitigation plan for other log4j vulnerabilities as pentaho support portal and removed JMSAppeneder file from the log4j jar file. https://support.pentaho.com/hc/en-us/articles/4416229254541-log4j-2-zero-day-vulnerability-No-impact-to-supported-versions-of-Pentaho- we wanted to know if there is impact on CVE-2021-45105 on pentaho , if so what will be the mitigation plan?

    Thanks, Divya.



    ------------------------------
    Divya Joseph
    ------------------------------


  • 2.  RE: Log4j vulenrability in pentaho

    Posted 01-11-2022 20:09
    According to https://logging.apache.org/log4j/2.x/security.html  log4j-1.x is not affected by the vulnerability.

    ------------------------------
    Andrew Cave
    Systems Engineer
    BizCubed Pty Ltd
    Australia
    ------------------------------