Yogesh0204
Contributor

Log4j2 Vulnerability

Will the mitigation provided for Talend Studio for Log4j, "-Dlog4j2.formatMsgNoLookups=true", work for Talend Open Studio 7.3, or is there any other way to help mitigate the issue in TOS?

10 Replies
Anonymous
Not applicable

Hello,

Regarding this response (Publication Date: December 22, 2021): https://www.talend.com/security/incident-response/, remediation for Talend Open Source is not in scope. We are trying to work on remediation for Talend Open Studio and will come back to you as soon as possible.

Best regards

Sabrina

veeaar
Contributor

If I download the V8.0.1 Talend Open Studio and migrate my jobs from 7.3.1 to the latest one, will it fix the issue?

Anonymous
Not applicable

Hello,

I’m afraid Talend 8 version was released prior to the vulnerability being revealed.

Best regards

Sabrina

veeaar
Contributor

Thanks Sabrina. My IT Security Team asked me to look into the R2021-12 (cumulative patch). Is this patch applicable for Talend Open Studio For Data Integration (7.3.1.20200219_1130)?

We are using the open studio and we have our production go live in 15 days.

Could you please confirm what are the options we have at this time to fix the log4j issues for this?

Thanks in advance for your quick response

Anonymous
Not applicable

Hello,

We do not supply patches for the Open Studio releases. Patches are specific to Talend Service, the version of the Talend Service, the severity of the risk, and other mitigating controls Talend maintains.

You can find mitigation instructions for existing products here:

Publication Date: December 23, 2021: https://www.talend.com/security/incident-response/

As remediation for Talend Open Source is not in scope, we have already escalated it to our IT security team to see if there is any graceful workaround and solution for Talend Open Studio, and will then come back to you as soon as possible.

Best regards

Sabrina

ABD2
Contributor

Hi,

Any news for Talend Open Studio 7.3 or 8.0?

When will it come into your scope?

In the meantime, is there a way for us to prevent TOS from including vulnerable log4j jar files in our builds (TOS does so even when log4j is not enabled for a project!)?

Thanks in advance for your help

Anonymous
Not applicable

Hello,

We’re working on updating TOS with the Log4j fix and will keep you updated on your issue.

Meanwhile the mitigation steps that we have described in the Talend Help (incident response) apply to TOS as well.

https://www.talend.com/security/incident-response/

Best regards

Sabrina

Anonymous
Not applicable

Hello,

The mitigation steps are now located on help.talend.com: https://document-link.us.cloud.talend.com/talend_log4j2_cve_statement?lang=en&version=latest&env=prd, which provides all the workarounds for Studio.

Best regards

Sabrina

abcdmichel
Contributor

For Talend Open Studio 7.3 or 8.0, are the mitigation steps proposed essential when our project properties don't use log4j (check box not checked)? I know we still have all the jar files generated anyway.

Thanks in advance for the help.
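
Several posts above note that built jobs carry log4j jar files whether or not log4j is enabled in the project. The following is an added example, not part of the thread and not Talend tooling: it inventories an exported build archive for bundled `log4j-core` jars and reports each one's version and whether the `JndiLookup` class (the class Apache's published mitigation removes) is still inside. The archive layout, file names and version string in `sample_build()` are constructed placeholders.

```python
import io
import re
import zipfile

JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
POM_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
CORE_JAR = re.compile(r"(^|/)log4j-core[^/]*\.jar$")
NESTED = (".zip", ".jar", ".war", ".ear")

def inspect_core_jar(data):
    """Return (version, has_jndi_lookup) for the bytes of a log4j-core jar."""
    with zipfile.ZipFile(io.BytesIO(data)) as jar:
        names = set(jar.namelist())
        props = jar.read(POM_PROPS).decode() if POM_PROPS in names else ""
        m = re.search(r"^version=(.+)$", props, re.M)
        return (m.group(1).strip() if m else None), JNDI_CLASS in names

def scan_archive(data, prefix=""):
    """Recursively list log4j-core jars found inside an archive given as bytes."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for name in zf.namelist():
            if not name.lower().endswith(NESTED):
                continue
            inner = zf.read(name)
            if CORE_JAR.search(name):
                findings.append((prefix + name, *inspect_core_jar(inner)))
            elif zipfile.is_zipfile(io.BytesIO(inner)):
                findings.extend(scan_archive(inner, prefix + name + "!/"))
    return findings

def _make_zip(entries):
    """Build an in-memory zip from {name: content}; used only for the sample."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in entries.items():
            zf.writestr(name, content)
    return buf.getvalue()

def sample_build():
    # Constructed sample: names and version are placeholders, not a real Talend export.
    stock = _make_zip({POM_PROPS: "version=0.0.0-SAMPLE\n", JNDI_CLASS: b"\xca\xfe"})
    stripped = _make_zip({POM_PROPS: "version=0.0.0-SAMPLE\n"})
    return _make_zip({"demo_job/lib/log4j-core-0.0.0-SAMPLE.jar": stock,
                      "demo_job/lib/patched/log4j-core-0.0.0-SAMPLE.jar": stripped,
                      "demo_job/demo_job_0_1.jar": _make_zip({"Main.class": b""})})

if __name__ == "__main__":
    print(*scan_archive(sample_build()), sep="\n")
```

Matching is by file name, so a renamed or shaded copy of log4j-core would need a search for the class path itself.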
