Entry of org/apache/logging/log4j/core still visible after import of Apache Log4j Vulnerability Hotfixes

The query below still returns results after the Apache Log4j Vulnerability hotfix installation. In fact, it returns one additional row (for v 8.1.1, and 2 new rows for v 8.5.2) which got inserted with the hotfix installation. Please advise if that is expected.

select pzjar,pzpackage,pzclass,pzlastmodified,pzmoduleversion,pzcodesetversion,pzpatchdate from .pr_engineclasses where pzclass = 'JndiLookup.class' and pzpackage = 'org/apache/logging/log4j/core/lookup';

@HARIL043 Can you refer to this? As per the article, you need to remove those JARs.

@KarthikM6254 Hi Karthik,

As per the earlier communication, we need to apply these steps as there was no hotfix released. Now we have got the hotfix, but do we still need to run them?

In our org, max all 8.x versions in prod, so we requested all the hotfixes mentioned here.

@HARIL043 I assume the JARs need to be removed manually. There is no alternative. I have tried out the same on a Pega PE edition for triaging purposes. It's better to reach out to Pega GCS by raising a support ticket for confirmation.

@KarthikM6254 Thanks. Support request raised: #INC-205043