sgovinda1654106847
Contributor

Log4j Vulnerability

We are using Talend Studio 7.3.1.20202019_1130, and we build the jobs and schedule them on a Unix server.

The build provides us with log4j..2.12 versions.

We implemented two steps, as Talend advised, to overcome the Log4j vulnerability, as given below:

1) In the log4j2 XML file, included {nolookups}

2) In Studio, under Run/debug JVM arguments, added -Dlog4j2.formatMsgNoLookups=true

But our organization recommends following Apache standards: "customers to upgrade to Log4j 2.3.1 (for Java 6), 2.12.3 (for Java 7), or 2.17.0 (for Java 8 and later)"

So please advise how we can go about the next steps: do we need to upgrade, or is any patch available, and so on? What is the best solution?

2 Replies
Anonymous

@sri ranga pavan govinda, please read this page about the log4j issue. If you are using enterprise subscription products, raise a ticket on the Talend Support Portal to request a patch.

Regards

Shong

Evandao
Contributor III

Hello guys, I was also having trouble updating the version of the log4j library. Looking on the internet, I found this article, which was accurate in solving the problem. I hope it helps people who use the open version.

Updating Talend Log4j libraries - User's Manual - 7.0 (rob-ex.com)
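
An added example, not part of the thread and not Talend's own tooling: a Python check that walks an unpacked job build, reads each log4j-core version from the jar's Maven metadata, compares it with the fixed releases quoted in the question, and lists launcher scripts that lack the formatMsgNoLookups flag. The `lib/` and `*_run.sh` layout and the sample files are constructed assumptions.

```python
import re
import tempfile
import zipfile
from pathlib import Path

# Fixed release per release line, as quoted from Apache in the question.
FIXED = {(2, 3): (2, 3, 1), (2, 12): (2, 12, 3)}
POM = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
FLAG = "-Dlog4j2.formatMsgNoLookups=true"

def core_version(jar):
    """log4j-core version from the jar's Maven metadata (survives renames), or None."""
    try:
        with zipfile.ZipFile(jar) as zf:
            props = zf.read(POM).decode("utf-8", "replace")
    except (KeyError, zipfile.BadZipFile):
        return None  # not log4j-core, or not a readable archive
    m = re.search(r"^version=(\d+)\.(\d+)(?:\.(\d+))?", props, re.M)
    return tuple(int(g or 0) for g in m.groups()) if m else None

def classify(version):
    """'fixed' if the version meets the fixed release for its line, else 'upgrade'."""
    return "fixed" if version >= FIXED.get(version[:2], (2, 17, 0)) else "upgrade"

def scan(root):
    """Return ({jar name: (version, status)}, [launcher scripts lacking FLAG])."""
    jars = {}
    for jar in sorted(Path(root).rglob("*.jar")):
        version = core_version(jar)
        if version:
            jars[jar.name] = (version, classify(version))
    unflagged = [s.name for s in sorted(Path(root).rglob("*.sh"))
                 if FLAG not in s.read_text(errors="replace")]
    return jars, unflagged

def build_sample(root):
    """Constructed sample: an unpacked job build with two jars and two launchers."""
    lib = Path(root, "lib")
    lib.mkdir()
    for name, ver in (("log4j-core-2.12.1.jar", "2.12.1"), ("renamed.jar", "2.17.0")):
        with zipfile.ZipFile(lib / name, "w") as zf:
            zf.writestr(POM, f"version={ver}\n")
    Path(root, "a_run.sh").write_text(f"java {FLAG} -cp 'lib/*' demo.Job\n")
    Path(root, "b_run.sh").write_text("java -cp 'lib/*' demo.Job\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print(scan(tmp))
```

To check a real build, call `scan()` on the directory where the job archive was extracted on the server.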