https://community.qlik.com/t5/Installing-and-Upgrading/log4j-vulnerability/m-p/2407022#M11364 <P>Hello,</P><P>&nbsp;</P><P>we are waiting for a patch fixing this issue (TOS version 8.0.1). The last update of the article <A href="https://www.talend.com/security/incident-response/" alt="https://www.talend.com/security/incident-response/" target="_blank">https://www.talend.com/security/incident-response/</A> was three weeks ago. The only information regarding a patch for TOS is "Remediation for Talend Open Source is not in scope". Are there any information when a patch for TOS approximately is beeing released?</P> Thu, 10 Feb 2022 11:55:43 GMT dtxstg 2022-02-10T11:55:43Z https://community.qlik.com/t5/Installing-and-Upgrading/log4j-vulnerability/m-p/2407012#M11354 <P>Hi,</P><P>is Talend BD 6.4.1 affected at all by the log4j vulnerability problem?</P><P>The Talend installation and workspace directories only contain older versions log4j-1.2.15.jar and log4j-1.2.16.jar.</P><P>The log4j problem affects only log4j versions higher than 2.0.</P><P>So am I correct that Talend BD 6.4.1 is not affected?</P> Fri, 15 Nov 2024 23:25:22 GMT https://community.qlik.com/t5/Installing-and-Upgrading/log4j-vulnerability/m-p/2407012#M11354 SZollikofer 2024-11-15T23:25:22Z https://community.qlik.com/t5/Installing-and-Upgrading/log4j-vulnerability/m-p/2407013#M11355 <P>Hello,</P><P>Same question for Talend ESB 7.3.1 regarding this official announcement : https://logging.apache.org/log4j/2.x/security.html</P><P>&nbsp;</P><P>And if yes what is the procedure to upgrade the version (not talend just log4j)</P> Mon, 13 Dec 2021 15:47:53 GMT https://community.qlik.com/t5/Installing-and-Upgrading/log4j-vulnerability/m-p/2407013#M11355 JSD03 2021-12-13T15:47:53Z https://community.qlik.com/t5/Installing-and-Upgrading/log4j-vulnerability/m-p/2407014#M11356 <P>My security team is asking the same questions. We are running Talend Cloud Big Data 7.3.1 with Talend Studio 7.3.1 and I would like to understand our exposure to this vulnerability.</P> Mon, 13 Dec 2021 20:58:50 GMT https://community.qlik.com/t5/Installing-and-Upgrading/log4j-vulnerability/m-p/2407014#M11356 MikeBender27 2021-12-13T20:58:50Z https://community.qlik.com/t5/Installing-and-Upgrading/log4j-vulnerability/m-p/2407015#M11357 <P>We are preparing migration to 7.3.1 and we are waiting also news and recommandation from Talend</P> Tue, 14 Dec 2021 12:29:17 GMT https://community.qlik.com/t5/Installing-and-Upgrading/log4j-vulnerability/m-p/2407015#M11357 lfr 2021-12-14T12:29:17Z https://community.qlik.com/t5/Installing-and-Upgrading/log4j-vulnerability/m-p/2407016#M11358 <P>Hi all, I'd like to draw your attention to this page on the vulnerability....</P><P>&nbsp;</P><P>https://www.talend.com/security/incident-response/</P> Wed, 15 Dec 2021 21:50:15 GMT https://community.qlik.com/t5/Installing-and-Upgrading/log4j-vulnerability/m-p/2407016#M11358 Anonymous 2021-12-15T21:50:15Z https://community.qlik.com/t5/Installing-and-Upgrading/log4j-vulnerability/m-p/2407017#M11359 <P>Yes good: we have applied this fix on our system but since a new log4j vulnerability has been published today : https://nvd.nist.gov/vuln/detail/CVE-2021-45046. Do you have a new workaround ?</P> Thu, 16 Dec 2021 15:37:53 GMT https://community.qlik.com/t5/Installing-and-Upgrading/log4j-vulnerability/m-p/2407017#M11359 JSD03 2021-12-16T15:37:53Z https://community.qlik.com/t5/Installing-and-Upgrading/log4j-vulnerability/m-p/2407018#M11360 <P>Just to be clear, the document linked to above does not list fixes, it lists ways to mitigate for this issue until patches are ready. I have spoken to our Support team and have been informed that the incident-response page is being updated as we speak.</P> Thu, 16 Dec 2021 16:07:17 GMT https://community.qlik.com/t5/Installing-and-Upgrading/log4j-vulnerability/m-p/2407018#M11360 Anonymous 2021-12-16T16:07:17Z https://community.qlik.com/t5/Installing-and-Upgrading/log4j-vulnerability/m-p/2407019#M11361 <P>OK thanks for the clarification</P> Thu, 16 Dec 2021 16:23:12 GMT https://community.qlik.com/t5/Installing-and-Upgrading/log4j-vulnerability/m-p/2407019#M11361 JSD03 2021-12-16T16:23:12Z https://community.qlik.com/t5/Installing-and-Upgrading/log4j-vulnerability/m-p/2407020#M11362 <P>Mitigation is NOT remediation. A company like Talend should know this. I suspect they do and just do not care.</P> Mon, 07 Feb 2022 15:02:43 GMT https://community.qlik.com/t5/Installing-and-Upgrading/log4j-vulnerability/m-p/2407020#M11362 seaferring 2022-02-07T15:02:43Z https://community.qlik.com/t5/Installing-and-Upgrading/log4j-vulnerability/m-p/2407021#M11363 <P>Hi @Malcolm O'Callaghan​,</P><P>&nbsp;</P><P>If you take a look at the page I pointed to (https://www.talend.com/security/incident-response/) you will see that patches or upgrades have been released for all of our subscription products. The mitigation steps were added to allow people to make their environments as safe as possible while the R&amp;D work was taking place on the patches. These were released as soon as possible.</P><P>&nbsp;</P><P>Some of the many benefits of using the subscription product are that it comes with support, upgrades and patches. The Open Studio product does not. Due to this, there is no "patch" implementation functionality built-in to it. To upgrade, you need to take a new version. When the new version is released, it will contain all of the fixes to these Apache Log4j issues. If you would like to receive the benefit of patches, upgrades and support, I can arrange for one of our sales team to contact you. Please let me know if this is a route that you'd like to take.</P><P>&nbsp;</P><P>Regards</P><P>&nbsp;</P><P>Richard </P> Mon, 07 Feb 2022 15:23:46 GMT https://community.qlik.com/t5/Installing-and-Upgrading/log4j-vulnerability/m-p/2407021#M11363 Anonymous 2022-02-07T15:23:46Z https://community.qlik.com/t5/Installing-and-Upgrading/log4j-vulnerability/m-p/2407022#M11364 <P>Hello,</P><P>&nbsp;</P><P>we are waiting for a patch fixing this issue (TOS version 8.0.1). The last update of the article <A href="https://www.talend.com/security/incident-response/" alt="https://www.talend.com/security/incident-response/" target="_blank">https://www.talend.com/security/incident-response/</A> was three weeks ago. The only information regarding a patch for TOS is "Remediation for Talend Open Source is not in scope". Are there any information when a patch for TOS approximately is beeing released?</P> Thu, 10 Feb 2022 11:55:43 GMT https://community.qlik.com/t5/Installing-and-Upgrading/log4j-vulnerability/m-p/2407022#M11364 dtxstg 2022-02-10T11:55:43Z https://community.qlik.com/t5/Installing-and-Upgrading/log4j-vulnerability/m-p/2407023#M11365 <P>I'm afraid a patch for TOS will not be released. It will be fixed in the next version. There are certain mitigation steps you can follow in the article you linked to.</P> Thu, 10 Feb 2022 15:30:40 GMT https://community.qlik.com/t5/Installing-and-Upgrading/log4j-vulnerability/m-p/2407023#M11365 Anonymous 2022-02-10T15:30:40Z https://community.qlik.com/t5/Installing-and-Upgrading/log4j-vulnerability/m-p/2407024#M11366 <P>@Richard Hall​&nbsp; Thank you for your fast reply. Is it foreseeable when the next Version of TOS is beeing released?</P> Thu, 10 Feb 2022 16:35:12 GMT https://community.qlik.com/t5/Installing-and-Upgrading/log4j-vulnerability/m-p/2407024#M11366 dtxstg 2022-02-10T16:35:12Z https://community.qlik.com/t5/Installing-and-Upgrading/log4j-vulnerability/m-p/2407025#M11367 <P>Hi @Marc Veitinger​,,</P><P>&nbsp;</P><P>I am not currently aware of the schedule for the next release, but I have put a couple of questions out to our R&amp;D team. When I get a response, I will update. </P><P>&nbsp;</P><P>I should point out that they may not have this set in stone as yet since we have only just released v8. If that is the case, it may take a while before I can confirm a period.</P><P>&nbsp;</P><P>Regards</P><P>&nbsp;</P><P>Richard</P> Thu, 10 Feb 2022 18:35:57 GMT https://community.qlik.com/t5/Installing-and-Upgrading/log4j-vulnerability/m-p/2407025#M11367 Anonymous 2022-02-10T18:35:57Z