https://community.qlik.com/t5/Installing-and-Upgrading/log4J/m-p/2407041#M11370 <P>Hi,</P><P></P><P></P><P>How update log4j ?</P><P></P><P></P><P>Thanks</P> Fri, 15 Nov 2024 23:24:48 GMT sla 2024-11-15T23:24:48Z https://community.qlik.com/t5/Installing-and-Upgrading/log4J/m-p/2407041#M11370 <P>Hi,</P><P></P><P></P><P>How update log4j ?</P><P></P><P></P><P>Thanks</P> Fri, 15 Nov 2024 23:24:48 GMT https://community.qlik.com/t5/Installing-and-Upgrading/log4J/m-p/2407041#M11370 sla 2024-11-15T23:24:48Z https://community.qlik.com/t5/Installing-and-Upgrading/log4J/m-p/2407042#M11371 <P>Hello,</P><P>For information on how the Log4j2 vulnerability can be mitigated, please look here....</P><P><A href="https://www.talend.com/security/incident-response/" alt="https://www.talend.com/security/incident-response/" target="_blank">https://www.talend.com/security/incident-response/</A></P><P>Best regards</P><P>Sabrina</P> Thu, 16 Dec 2021 02:58:10 GMT https://community.qlik.com/t5/Installing-and-Upgrading/log4J/m-p/2407042#M11371 Anonymous 2021-12-16T02:58:10Z https://community.qlik.com/t5/Installing-and-Upgrading/log4J/m-p/2407043#M11372 <P>Hi, </P><P>&nbsp;</P><P>We are using Talend Studio version 7.3.1 which has Log4j - 2.12.1</P><P>&nbsp;</P><P>we have Log4J disabled in the project settings. We wanted to confirm if it is still a risk? </P><P>&nbsp;</P><P>The work around mentioned for Talend Studio <A href="https://www.talend.com/security/incident-response/" alt="https://www.talend.com/security/incident-response/" target="_blank">https://www.talend.com/security/incident-response/</A></P><P>comes into effect or is saved only when L4J is enabled. Could you please confirm if there's a risk if its totally disabled on the Project properties. </P> Thu, 16 Dec 2021 03:10:58 GMT https://community.qlik.com/t5/Installing-and-Upgrading/log4J/m-p/2407043#M11372 AT_bytes 2021-12-16T03:10:58Z https://community.qlik.com/t5/Installing-and-Upgrading/log4J/m-p/2407044#M11373 <P>Hello,</P><P>I'm not sure that there's a risk if its totally disabled on the Project properties. </P><P>Could you please contact Talend Support for assistance?</P><P>Best regards</P><P>Sabrina</P> Thu, 16 Dec 2021 03:16:27 GMT https://community.qlik.com/t5/Installing-and-Upgrading/log4J/m-p/2407044#M11373 Anonymous 2021-12-16T03:16:27Z https://community.qlik.com/t5/Installing-and-Upgrading/log4J/m-p/2407045#M11374 <P>Hi AT_bytes,</P><P>&nbsp;</P><P>Did you get the answer to your question ?</P><P>I'm using also Talend Open Studio version 7.3.1 and Log4j is disabled in project settings.</P><P>But the log4j librairies are embedded in the job build, I don't know why.</P><P>&nbsp;</P><P>If Log4j is disabled in project settings, do we have only to delete log4j librairies in the job build ?</P><P>&nbsp;</P><P>Thanks in advance</P><P>&nbsp;</P><P>&nbsp;</P> Tue, 21 Dec 2021 13:28:22 GMT https://community.qlik.com/t5/Installing-and-Upgrading/log4J/m-p/2407045#M11374 Fernandez 2021-12-21T13:28:22Z https://community.qlik.com/t5/Installing-and-Upgrading/log4J/m-p/2407046#M11375 <P>Hello,</P><P>Remediation for Talend Open Source is not in scope, please feel free to create a jira issue of TUP project on talend bug tracker. Our developers from RD team will check it to see if there is any work item for it.</P><P><A href="https://jira.talendforge.org/secure/Dashboard.jspa" alt="https://jira.talendforge.org/secure/Dashboard.jspa" target="_blank">https://jira.talendforge.org/secure/Dashboard.jspa</A></P><P>Best regards</P><P>Sabrina</P> Wed, 22 Dec 2021 03:29:01 GMT https://community.qlik.com/t5/Installing-and-Upgrading/log4J/m-p/2407046#M11375 Anonymous 2021-12-22T03:29:01Z https://community.qlik.com/t5/Installing-and-Upgrading/log4J/m-p/2407047#M11376 <P>Hello Fernandez, </P><P>&nbsp;</P><P>Not yet. For now, we are just following these steps:</P><P>&nbsp;</P><P>"For running jobs in the Studio, the issue can be mitigated by specifying: "-Dlog4j2.formatMsgNoLookups=true" as a JVM argument when running the job." recommended on https://www.talend.com/security/incident-response/</P><P>&nbsp;</P> Wed, 22 Dec 2021 04:09:50 GMT https://community.qlik.com/t5/Installing-and-Upgrading/log4J/m-p/2407047#M11376 AT_bytes 2021-12-22T04:09:50Z